5. Configure RADIUS

The Remote Authentication Dial-In User Service (RADIUS) can be enabled for VidyoPortal, VidyoRouter, and VidyoGateway servers. This configuration is optional and you do not have to install it unless you plan on using RADIUS.

Disable FIPS mode

RADIUS configuration is allowed only when the Vidyo server has FIPS disabled. If FIPS is enabled, follow the procedures in this section to disable it. If FIPS is already disabled, then proceed to the Enable RADIUS section.

To disable FIPS mode:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter m for more options.
  3. Enter A for Advanced Options.
  4. Enter 1 to disable FIPS mode.

    5. Note

    This setting toggles between disable and enable states.

    A message displays stating the following: "CDR access and RADIUS authentication are allowed with FIPS-mode disabled."

  5. Enter y to verify disabling FIPS mode.
  6. Press the Enter key on your keyboard to return to the Advanced Options menu.

Enable RADIUS

To enable RADIUS:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter 19 for more options.
  3. Enter D for Advanced Options.
  4. Enter y for the change settings prompt.
  5. Enter y for the confirm enable radius prompt.
  6. Enter the IP or FQDN of the RADIUS server or leave blank to cancel.
  7. Enter the preshared key for the RADIUS server.
  8. Enter the IP or FQDN for additional RADIUS servers or leave blank to finish.

    9. Note

    A maximum of 10 RADIUS servers are supported.
  9. Enter the preshared key for the additional RADIUS server.
  10. Enter the IP or FQDN for additional RADIUS server or leave blank to finish.

    11. Note

    In the following screenshot, two RADIUS servers were configured causing this prompt to display. This prompt will only display if two or more RADIUS servers are being configured. If you do not have additional RADIUS servers to configure, leave blank to finish.
  11. Press any key on your keyboard to return to the User Maintenance menu.

View the current RADIUS configuration

You should always review your RADIUS server configurations for accuracy.

To view the current RADIUS configuration:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter D to select the RADIUS Authentication option. The RADIUS server configurations display.
  3. Enter n for the change settings prompt if the configuration does not need to be modified.

    4. Note

    Enter y for the change settings prompt if the configuration needs to be modified, and proceed to step 4 in the Modify the RADIUS configuration section.

Modify the RADIUS configuration

To modify the RADIUS configuration:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter D to select the RADIUS Authentication option. The RADIUS server configurations display.
  3. Enter y for the change settings prompt if the configuration needs to be modified.

    4. Note

    If you enter y for the change settings prompt, then all RADIUS server configurations will need to be re-entered.
  4. Re-enter the IP or FQDN of the RADIUS server or leave blank to cancel.
  5. Re-enter the preshared key for the RADIUS server.
  6. Re-enter the IP or FQDN for additional RADIUS servers or leave blank to finish.

    7. Note

    A maximum of 10 RADIUS servers are supported.
  7. Re-enter the preshared key for the additional RADIUS server.
  8. Re-enter the IP or FQDN for any additional RADIUS server or leave blank to finish.

    9. Note

    In the following screenshot, two RADIUS servers were configured causing this prompt to display. This prompt will only display if two or more RADIUS servers are being configured. If you do not have additional RADIUS servers to configure, leave blank to finish.

    RADIUS is enabled.

  9. Press any key on your keyboard to return to the User Maintenance menu.

Create a RADIUS-enabled account

To create a RADIUS-enabled account:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter A for Advanced Options.
  3. Enter a unique username. The username must match your RADIUS User ID.
  4. Enter y for the confirm changes prompt.
  5. Enter y for the user to be authenticated via RADIUS prompt.

    6. Note

    Enter n if you do not want the user to be authenticated via RADIUS, and proceed to the Create a local System Console account section.

View a RADIUS-enabled account

You should always review the new RADIUS-enabled account for accuracy.

To view a RADIUS-enabled account:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter 19 to access the User Maintenance menu.
  3. Enter C to select the Show User(s) option.
    A list of current users in the system displays. If the new user is set up incorrectly, then proceed to the Remove a RADIUS-enabled account section.
  4. Press any key on your keyboard to return to the User Maintenance menu.

Remove a RADIUS-enabled account

To remove a RADIUS-enabled account:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter B to select the Remove User option.
  3. Enter the username to be removed.
  4. Enter y for the confirm changes prompt.

Disable RADIUS authentication

To disable RADIUS authentication:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter 19 to access the User Maintenance menu.
  3. Enter D to select the RADIUS Authentication option. Details about the RADIUS server display.
  4. Enter y for the change settings prompt.
  5. Enter n for the leave RADIUS enabled prompt. RADIUS is disabled.
  6. Press any key on your keyboard to return to the User Maintenance menu.

Create a local System Console account

To create a local System Console account:

  1. Log in to the System Console.

    2. Note

    Press the Enter key after each prompt.
  2. Enter A for Advanced Options.
  3. Enter a unique username.
  4. Enter y for the confirm changes prompt.
  5. Enter n for the user to be authenticated via RADIUS prompt.
  6. Enter password for the current UNIX password.
    Enter a unique password that follows these password complexity requirements:
    • The password should not be based on the dictionary.
    • The password should not be similar to the old password.

    The default setting is at least three characters should be different from the old password.

    • The password should not be overly simple or short.

    The algorithm here is a point system to satisfy the minimum password length (the default length is eight characters). The password gets extra points if it contains a number, upper case, lower case, or special character. Each point is equivalent to one character.

    • The password should not be a case change of the old password or should not be the reverse of the old password.
  7. Re-enter your new password for the retype new UNIX password prompt.
    If the passwords don’t match, you’ll be prompted to try again. If the passwords match, the System Console menu opens immediately.

    8. Note

    When you need to reset the password, use 13. Set 'admin' password. However, if you are logged in with a RADIUS-enabled account and need to use this option, then your account will be converted back to a local System Console account with the standard default password at the next login.

    In addition, when using the emergency user functionality with a RADIUS-enabled account, the account will be converted back to a local System Console account as well.