How to configure RSA SecurID as RADIUS on Nokia IPSO for http / https / ssh??

-->

How to configure RADIUS on Nokia IPSO for http / https / ssh??

Checkpoint Secure Knowledge - Solution ID: sk40665

How do I configure RADIUS authentication in Network Voyager using AAA?

___________________________________________

Symptoms

___________________________________________

· RADIUS, or Remote Authentication Dial-In User Service, is a client and server-based authentication software system that supports remote access applications. This service allows an organization to maintain user profiles in a centralized database that resides on an authentication server that can be shared by multiple remote access servers. A host contacts a RADIUS server, which determines who has access to that service.

Beginning with IPSO 3.5, Nokia provides RADIUS client support only.

Solution

These are steps needed to make RADIUS work with IPSO's httpd. It is important that there is a corresponding IPSO user ID to the RADIUS ID (i.e. the usernames must be the same).

The following example will create a new Auth Profile and a new Service Profile. We will use the following:

Auth Profile - RADIUS_httpd_authprofile,

Service Profile - RADIUS_prof_httpd

RADIUS server is called 'RADIUS',

username is 'nokiaadmin'

The AAA configuration page may be a little confusing at first, but it can be explained.

1) From the Network Voyager Main Configuration page, select AAA Configuration from the Security and Access Configuration section. You will now see the Authentication, Authorization, and Accounting (AAA) Configuration page.

2) Scroll down to the Auth. Profile section.

• In the New Auth. Profile field, enter the name of your new profile (RADIUS_httpd_authprofile) and select type 'RADIUS'

• Select Apply

• After the page refreshes, select the Servers link that you will now see to the right of your newly created profile

• Enter the IP address, secret and port (default: 5500) of the RADIUS server you are using

• Select Up to return to the AAA Configuration page

3) Scroll down to the Service Profiles section.

• In Service Profile field at the bottom of this section, enter an existing profile (RADIUS_prof_httpd)

• In the Auth. Profile field, enter a related, existing authentication profile (RADIUS_httpd_authprofile)

• In the Acct. Profile field, enter a related, existing account profile (base_httpd_acctprofile)

• In the Session Profile field, enter a related, existing session pofile (base_httpd_sessprofile)

• Apply and Save

• Select Up to return to the Main Configuration Page

4) Scroll down to the Security & Access Configuration section and select Users

5) Create a user with UID=0, and home directory (/var/nokiaadmin); the rest of the fields are left default/empty; apply & save. Username should be up to 8 characters long.

6) Go back to the AAA Configuration page in Voyager.

7) Associate the service module 'httpd' with the profile 'RADIUS_prof_httpd'; apply & save

8) Test Voyager access with RADIUS login ID 'nokiaadmin'

For more information and screenshot guidance please refer to WhitePaper_Configuring_RADIUS