Fujitsu ETERNUS AF250 Design Manual page 74

1. Function
User Access Management
User roles are specified in the Vendor Specific Attribute (VSA) of the Access-Accept response from the server.
The following table shows the syntax of the VSA based account role on the RADIUS server.
Item
Type
Length
Vendor-Id
Vendor type
Vendor length
Attribute-Specific
*1: The server-side role names must be identical to the role names of the ETERNUS AF. Match the letter case
when entering the role names.
[Example] RoleName0
If RADIUS authentication fails when "Do not use Internal Authentication" has been selected for "Authentica-
•
tion Error Recovery" on ETERNUS Web GUI, ETERNUS CLI, or SMI-S, logging on to ETERNUS Web GUI or ETER-
NUS CLI will not be available.
When the setting to use Internal Authentication for errors caused by network problems is configured, Inter-
nal Authentication is performed if RADIUS authentication fails on both primary and secondary RADIUS serv-
ers, or at least one of these failures is due to network error.
So long as there is no RADIUS authentication response the ETERNUS AF will keep retrying to authenticate
•
the user for the entire "Timeout" period set on the "Set RADIUS Authentication (Initial)" menu. If authentica-
tion does not succeed before the "Timeout" period expires, RADIUS Authentication is considered to be a fail-
ure.
When using RADIUS authentication, if the role that is received from the server is unknown (not set) for the
•
device, RADIUS authentication fails.
Size
Value
(octets)
1 26
1 7 or more
4 211
1 1
1 2 or more
1 or more ASCII characters
FUJITSU Storage ETERNUS AF250 S2, ETERNUS AF250 All-Flash Arrays Design Guide (Basic)
Copyright 2019 FUJITSU LIMITED
Description
Attribute number for the Vendor Specific At-
tribute
Attribute size (calculated by server)
Fujitsu Limited (SMI Private Enterprise Code)
Eternus-Auth-Role
Attribute size described after Vendor type
(calculated by server)
One or more assignable role names for suc-
cessfully authenticated users (*1)
74
P3AG-1822-09ENZ0