You can authenticate administrators on an engine by using the RADIUS authentication method.
Before you begin
- This feature is not supported for virtual engines.
- This feature is only supported on engine versions 7.1.3 and later.
- If a user disables the root account and downgrades the engine to a version that does not support radius authentication for engine, then the root account will remain unavailable
even if the password is reset from SMC. Hence, it is recommended that the root account is enabled before downgrading the engine version.
Steps
-
Configure the RADIUS authentication settings for the administrator. For more information, refer to the Authenticate administrators using RADIUS or TACACS+
methods topic.
-
Select
Configuration.
-
Right-click an engine, then select Edit <element type>.
-
Navigate to .
-
In the Root and Administrator Authentication section:
- From the Root Password Login drop-down list, select one of the following options:
- Login Allowed via SSH and Console: The root password login to an engine is allowed via SSH and console.
Note: By default, this option is
selected if the engine is upgraded.
- Login Allowed via Console Only: The root password login to an engine by using SSH is not allowed. But root password login by using console is
allowed.
Note: By default, this option is selected when we create a new engine.
- Root Account Disabled (Super User Privileges through sudo): The root password login to an engine is disabled.
- From the Authentication Method drop-down list, select an authentication method element from the below options:
- From the SSH Passwordless Login drop-down list, select one of the following options:
- Allow: The SSH password less login is allowed.
- Deny: The SSH password less login is denied.
Note: This applies only to administrators replicated on the engine. For more details on administrator account replication, refer to the Add administrator
accounts topic.
-
Click the Save and Refresh icon.