Configure User Authorization and Authentication Services Using CLI

Note: These functions can also be performed from the Remote Console. See Configure User Authentication from the Remote Console.

SX II requires users be authenticated to access the appliance.

Authentication is the process of verifying that a user is who he says he is. Once a user is authenticated, the user's group is used to determine his system and port permissions. The user's assigned privileges determine what type of access is allowed. This is called authorization.

Users can be authenticated via SX II locally or remotely.

By default, users are authenticated locally; you must enable remote authentication.

When the SX II is configured for remote authentication, the external authentication server is used primarily for the purposes of authentication, not authorization.

SX II provides several options to remotely authenticate users: LDAP/LDAPS, RADIUS, and TACACS+ (the modes accepted by authmode below).

Enter admin > Config > Authentication to access the menu.

Authentication Method

Command

Description

Parameters

authmode

Set the authentication mode.

  • mode <local|ldap|radius|tacacs>

LDAP Configuration

The LDAP configuration menu offers commands to set up LDAP and LDAPS.

Enter admin > Config > Authentication > ldap to access the menu.

Command

Description

Parameters

ldap

Configure secure LDAP authentication mode.

  • primip <ipaddress | hostname> - Primary server IP address
  • secip <ipaddress | hostname> - Secondary server IP address
  • port <value> - LDAP port
  • basedn <Base DN> - Admin user DN
  • secret <value> - Admin user authentication secret
  • search <value> - User search DN
  • dialback <value> - Dialback search query
  • domain <Active Directory Domain> - Active Directory domain
  • referral <true | false> - LDAP search referrals
  • server <generic | ads> - Server type, Active Directory or Generic

ldaps

Set/Get secure LDAP authentication mode.

  • port <value> - Secure LDAP port
  • enable <true | false> - Secure LDAP enable (true), disable (false)
  • verify <true | false> - LDAPS certificate validation enable (true), disable (false)

ldapscert

Retrieve a LDAPS certificate.

  • address <ipaddress | hostname> - FTP server address
  • port <FTP port> - FTP server port (default 21)
  • path <path to file> - Path to FTP certificate
  • user <FTP username> - FTP username
  • password <FTP password> - FTP password (prompted if missing)

testldap

Used to test LDAP settings.

  • login <LDAP user> - LDAP login to test
  • password <LDAP user's password> - Password of the LDAP user being tested


RADIUS Configuration

The RADIUS menu provides access to commands used to configure access to a RADIUS server.

The dictionary file must be created at the following location.

/user/share/freeradius/

# -*- text -*-
#
# dictionary.raritan
#
# Version: $Id$
#
VENDOR Raritan 8267
#
# Standard attribute
#
BEGIN-VENDOR Raritan
ATTRIBUTE Raritan-Vendor-Specific 26 string
END-VENDOR Raritan

Update RADIUS users to use the new attribute in the users file, which is usually located at /etc/raddb/.

Raritan-Vendor-Specific = "G{Administrator}"

Note: If a filter ID and a vendor specific attribute are present, the vendor specific attribute is used.
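The following is an added example, not Raritan code, showing how the Raritan-Vendor-Specific attribute defined by the dictionary above is carried on the wire in a RADIUS Access-Accept (RFC 2865 Vendor-Specific attribute 26, vendor id 8267, vendor-type 26) and how a receiver would apply the precedence rule from the note: the vendor-specific attribute wins over Filter-Id. The G{GroupName} value format is the one shown in the users file entry above; the Filter-Id value format is not given on this page and is treated here as an opaque group name (an assumption).

```python
"""Encode/decode the Raritan RADIUS VSA and resolve the group an Access-Accept grants.

Added example (not Raritan's code). Vendor id 8267 and vendor-type 26 come from
dictionary.raritan; VSA wire layout per RFC 2865 section 5.26.
"""
import re
import struct

RARITAN_VENDOR_ID = 8267   # VENDOR Raritan 8267
RARITAN_VSA_TYPE = 26      # ATTRIBUTE Raritan-Vendor-Specific 26 string
RADIUS_VSA = 26            # RFC 2865 Vendor-Specific attribute type
RADIUS_FILTER_ID = 11      # RFC 2865 Filter-Id attribute type

def encode_attr(attr_type: int, value: str) -> bytes:
    """Pack a plain string attribute as Type | Length | Value."""
    data = value.encode("ascii")
    return struct.pack("!BB", attr_type, 2 + len(data)) + data

def encode_raritan_vsa(value: str) -> bytes:
    """Pack Raritan-Vendor-Specific = value, e.g. "G{Administrator}"."""
    data = value.encode("ascii")
    sub = struct.pack("!BB", RARITAN_VSA_TYPE, 2 + len(data)) + data  # vendor-type, vendor-length
    body = struct.pack("!I", RARITAN_VENDOR_ID) + sub                  # 4-byte vendor id first
    return struct.pack("!BB", RADIUS_VSA, 2 + len(body)) + body

def parse_attrs(blob: bytes):
    """Yield (type, value) pairs from a packed attribute list; reject malformed lengths."""
    off = 0
    while off < len(blob):
        if off + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr_type, length = blob[off], blob[off + 1]
        if length < 2 or off + length > len(blob):
            raise ValueError("bad attribute length")
        yield attr_type, blob[off + 2:off + length]
        off += length

def raritan_group(blob: bytes):
    """Return the group name the appliance would apply: Raritan VSA first, Filter-Id otherwise.
    Assumes Filter-Id carries a bare group name (format not specified on the page)."""
    filter_group = None
    for attr_type, value in parse_attrs(blob):
        if attr_type == RADIUS_VSA and len(value) >= 6 \
                and struct.unpack("!I", value[:4])[0] == RARITAN_VENDOR_ID:
            vtype, vlen = value[4], value[5]
            if vtype == RARITAN_VSA_TYPE and vlen == len(value) - 4:
                match = re.fullmatch(r"G\{([^{}]+)\}", value[6:].decode("ascii", "replace"))
                if match:
                    return match.group(1)     # VSA present and well-formed: it wins
        elif attr_type == RADIUS_FILTER_ID:
            filter_group = value.decode("ascii", "replace")
    return filter_group
```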

Enter admin > Config > Authentication > RADIUS to access the menu.

Command

Description

Parameters

primaryradius

Access to configure the primary RADIUS settings.

  • ip <ipaddress | hostname> - IP Address
  • secret <value> - RADIUS authentication secret
  • authport <value> - RADIUS authentication port
  • acctport <value> - RADIUS accounting port
  • timeout <value> - RADIUS timeout (in seconds)
  • retries <value> - RADIUS retries
  • chap <true | false> - CHAP enable/disable (true/false)

secondaryradius

Access to configure the secondary RADIUS settings.

  • ip <ipaddress | hostname> - IP Address
  • secret <value> - RADIUS authentication secret
  • authport <value> - RADIUS authentication port
  • acctport <value> - RADIUS accounting port
  • timeout <value> - RADIUS timeout (in seconds)
  • retries <value> - RADIUS retries
  • chap <true | false> - CHAP enable (true), disable (false)


TACACS+ Configuration

The TACACS+ menu offers commands used to configure access to a TACACS+ server.

Enter admin > Config > Authentication > TACACS+ to access the menu.

Command

Description

Parameters

primarytacacs

Used to configure the primary TACACS+ settings.

  • ip <ipaddress | hostname> - IP Address
  • secret <value> - TACACS+ authentication secret
  • port <value> - TACACS+ port
  • timeout <value> - TACACS+ timeout (in seconds)
  • retries <value> - TACACS+ retries

secondarytacacs

Used to configure the secondary TACACS+ settings.

  • ip <ipaddress | hostname> - IP Address
  • secret <value> - TACACS+ authentication secret
  • port <value> - TACACS+ port
  • timeout <value> - TACACS+ timeout (in seconds)
  • retries <value> - TACACS+ retries

