Nokia Network Voyager for IPSO 4.0 Reference Guide 321
If all the attempts do not make a reliable connection within the timeout period, the client
stops trying to contact the RADIUS server. The default is 3.
Note
The maximum tries value includes the first attempt. For example, a value of 3 means the
client makes two additional attempts to contact the RADIUS server after the first
attempt.
13. Click Apply, and then click Save to make your changes permanent.
Repeat steps 1 through 14 to configure additional RADIUS authentication profiles. You must
configure a RADIUS authentication server for each profile even if you associate the new profile
with a server that you previously configured for an existing RADIUS authentication profile.
Repeat steps 8 through 14 of this procedure to configure additional AAA RADIUS
authentication servers only.
Configuring TACACS+
The TACACS+ authentication mechanism allows a remote server that is not part of IPSO to
authenticate users (checks passwords) on behalf of the IPSO system. TACACS+ encrypts
transmitted passwords and other data for security.
In the IPSO 3.6 release, TACACS+ is supported for authentication only, and not for accounting.
Challenge-response authentication, such as S/Key, over TACACS+ is not supported by IPSO at
this time.
You can configure TACACS+ support separately for various services. The Network Voyager
service is one of those for which TACACS+ is supported and is configured as the httpd service.
When TACACS+ is configured for use with a service, IPSO contacts the TACACS+ server each
time it needs to check a user password. For the Network Voyager service this occurs for each
HTTP request (every page view). If the server fails or is unreachable, the password is not
recognized and you are not allowed access. In Network Voyager, this denial is effective
immediately. Before you change the Network Voyager configuration, confirm any new
configuration.
To configure TACACS+ servers for a single authentication profile
1. Click AAA under Configuration > Security and Access in the tree view.
2. In the Auth. Profile section, enter a name for the TACACS+ service in the New Auth. Profile
text box.
For more information, see “Creating an Authentication Profile.”
3. Click Type and select TACPLUS from the drop-down list as the type of service.
4. Click Control and select required, requisite, sufficient, optional or NOKIA-SERVER-
AUTH-SUFFICIENT from the drop-down list to determine the level of authentication to
apply to a profile.
For more information, see “Profile Controls.”