User Guide
OmniAccess SafeGuard OS Administration Guide
215
Chapter 6: Configuring Authentication and Role Derivation
In addition to the tabular format, the show aaa users command provides a detail version
as well. If this option is specified, the following information is printed for each user.
SATE Coded string that indicates the following information
using the following syntax: SATE
■ S – current state of the user, based on the state of the
users authentication. Possible values are: f (failed) or
s (success).
■ A – authentication type. Possible values are:
k (Kerberos), c (captive-portal), m (mac-radius),
r (radius), x (802.1x), w (white-list)
■ T – Interface type. Possible values are: h (normal host)
or r (L3 interface)
■ E – EPV state. Possible values are: u (unknown) or
h (healthy).
Login Time The login time of the user.
Field Description
Port Physical port on which the user was detected.
User Name Username of the user.
Domain Name Domain name for the user.
IP Address IP address for the interface of the user.
Auth Source The protocol that authenticated the user (such as
Kerberos, Captive-Portal or RADIUS).
Auth Server IP address of the server that authenticated the user. In
the case of Kerberos, this is the ticket-granting server. In
the case of RADIUS, the RADIUS server. If Captive-Portal,
it gives the IP of the backend server that authenticated
the user.
Login Time Time that the user was last seen logging in.
Last Refresh System up time as of the last authentication attempt by
the user.
Force logout If a protocol specific logout time is configured, this will be
show here.
White List Name or ID of the white-list entry, if any, that
authenticated the user.
Role Name Role name that the role derivation component has
assigned to the user.
Field Description