| 
GE Multilin B30 Bus Differential System 5-135 SETTINGS 5.2 PRODUCT SETUP5To use local authentication:1. Log in as outlined (Administrator or Supervisor, then Observer).2. After making any required changes, log off using the Commands > Relay Maintenance > Security menu. Userslogged in through the front panel log out by logging in as None.Users logged in through the front panel are not timed out and cannot be forcefully logged out by asupervisor. Roles logged in through the front panel that do no allow multiple instances (Administrator,Supervisor, Engineer, Operator) must switch to None (equivalent to a logout) when they are done inorder to log out.To configure remote authentication:1. In the EnerVista software, in the login window, choose Device Authentication and log in as Administrator.2. Configure the following RADIUS server parameters: IP address, authentication port, shared secret, and vendor ID. Thefollowing procedure outlines how to set up a simple RADIUS server, where the third-party tool used is an example.a. Download and install FreeRADIUS from www.freeradius.net as the RADIUS server. This is a Windows 32-bit instal-lation that is known to work. If you try another third-party tool and it does not work, use the FreeRADIUS software fromfreeradius.net.b. Open the radius.conf file in the \etc\raddb folder, locate the "bind_address" field and enter yourRADIUS server IP address. An example isbind_address = 10.14.61.109Text editor software that supports direct editing and saving of UNIX text encodings and line breaks, such as EditPadLite, is needed for this editing.c. In the users.conf file in the \etc\raddb folder, add the following text to configure a user "Tester"with an Administrator role.Tester:->User-Password == "Testing1!1"->GE-UR-Role = Administratord. In the clients.conf file in the \etc\raddb folder, add the following text to define the UR as a RADIUSclient, where the client IP address is 10.0.0.2, the subnet mask is 255.255.255.0, the shared secret specified here isalso configured on the UR device for successful authentication, and the shortname is a short, optional alias that can beused in place of the IP address.client 10.0.0.2/24 {secret = testing123shortname = private-network-1}e. In the \etc\raddb folder, create a file called dictionary.ge and add the following content.# ########################################################### GE VSA's############################################################VENDOR GE 2910# Management authorizationBEGIN-VENDOR GE# Role IDATTRIBUTE GE-UR-Role 1 integerNOTICE |
