Enabling Radius in PicOS OVS Mode
Perform the following steps to enable Radius in PicOS OVS mode:
Enable user map
admin@PicOS-OVS$sudo /pica/bin/usermap_disable.sh false
Enable Radius on the PicOS switch.
admin@PicOS-OVS$sudo /pica/bin/radius_disable.sh false
Configure the IP address of the external Radius server on the PicOS switch. In the following example, IP address of the Radius server is 1.1.5.41 and the shared key is abc.
admin@XorPlus$cat /etc/pam_radius_auth.conf 1.1.5.41:1812 abc 1
Users on the Radius server must be super users. The following example shows the Radius record for user test8.Â
test8 Cleartext-Password := "pica8" Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 172.16.3.33, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Framed-Filter-Id = "std.ppp", Framed-MTU = 1500, Framed-Compression = Van-Jacobsen-TCP-IP, Class = "super-user"
Login to the switch via SSH and execute Linux shell commands.
build@dev-18:$ ssh 10.10.51.145 -l test8 test8@10.10.51.145's password: test8@PicOS-OVS:~$ version Copyright (C) 2009-2014 Pica8, Inc. =================================== Hardware Model : P-3290 Linux System Version/Revision : 1.1/20809 Linux System Released Date : 03/21/2015 L2/L3 Version/Revision : 1.1/20809 L2/L3 Released Date : 03/21/2015 OVS/OF Version/Revision : 1.1/20809 OVS/OF Released Date : 03/21/2015 test8@PicOS-OVS:~$ pwd /home/test8 test8@PicOS-OVS:~$
The Radius user must use the full path to execute OVS commands, as shown below:
test8@PicOS-OVS$sudo /ovs/bin/ovs-ofctl show br0 OFPT_FEATURES_REPLY (OF1.4) (xid=0x2): dpid:5e3ee89a8f503d30 n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS OFPST_PORT_DESC reply (OF1.4) (xid=0x3): 1(ge-1/1/1): addr:e8:9a:8f:50:3d:30 config: 0 state: LINK_DOWN current: COPPER AUTO_NEG advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG speed: 0 Mbps now, 1000 Mbps max LOCAL(br0): addr:e8:9a:8f:50:3d:30 config: 0 state: LINK_UP current: 10MB-FD COPPER supported: 10MB-FD COPPER speed: 10 Mbps now, 10 Mbps max OFPT_GET_CONFIG_REPLY (OF1.4) (xid=0x5): frags=normal miss_send_len=0 Â test8@PicOS-OVS:~$ sudo ovs-vsctl show 395575df-5939-45af-8e4c-d99da4c442dc Bridge "br0" Port "ge-1/1/1" tag: 1 Interface "ge-1/1/1" type: "pica8" Port "br0" Interface "br0" type: internal
User can also modify the path by editing the /etc/sudoers file, so that Radius users can execute OVS commands directly. Change the value of Defaults secure_path from "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ovs/bin:/ovs/sbin" to another desired value.
test8@PicOS-OVS:~$ sudo cat /etc/sudoers # # This file MUST be edited with the 'visudo' command as root. # # Please consider adding local content in /etc/sudoers.d/ instead of # directly modifying this file. # # See the man page for details on how to write a sudoers file. # Defaults env_reset Defaults mail_badpass Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ovs/bin:/ovs/sbin" # Host alias specification # User alias specification # Cmnd alias specification # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL %xorp ALL=(ALL) NOPASSWD: NOPASSWD: ALL %root ALL=(ALL) NOPASSWD: NOPASSWD: ALL # See sudoers(5) for more information on "#include" directives: #includedir /etc/sudoers.d
Copyright © 2024 Pica8 Inc. All Rights Reserved.