User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 2: Accessing and Managing the System
Configuring Local Authentication for Management Users
Users are set up in the authentication database by assigning them to a set of roles usually
defined by group and then by mapping a set of authentication protocol-specific attributes
and their values to a role. The attributes are first obtained by user authentication against
the local authentication database. If the user does not authenticate against the local
database, you can configure the user to authenticate against a centralized RADIUS
database as a backup.
Creating Authentication Lists
In most instances, users are assigned roles based on their group or job responsibilities. To
identify those groups of users, you need to create a list for each distinct user group.
Use the aaa mgmt-user authentication login command in Global Configuration mode to
create a user group or organizational list.
aaa mgmt-user authentication login listname {methods}
The following example creates an authentication list for a group of sales people. The
group uses local authentication as the only authentication method and users who are
unable to authenticate using that method are denied access to the network:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #aaa mgmt-user authentication login salesList local reject
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
Displaying the Authentication Login List
To verify the contents and methods being used for authentication, use the show aaa
mgmt-users authentication-list command in Privileged Exec mode:
Syntax Description (aaa mgmt-user authentication login)
listname    The name of the list being created. A list name can be up to 15
            characters long.
methods     One or more authentication methods used to authenticate this group
            of users. You may specify up to 3 non-repeating methods. If not
            specified, the system uses the default-list. If fewer than 3
            methods are specified, the remaining methods are classified as
            undefined. Specify the methods in the order of precedence you want
            them to run. Valid values for methods are:
            ■ local – Use local authentication.
            ■ RADIUS – Use remote RADIUS authentication.
            ■ Reject – Deny the user.
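The limits in the Syntax Description for aaa mgmt-user authentication login can be checked against a saved configuration before it is applied. The following Python sketch is an added example, not part of the guide or of SafeGuard OS; the function name check_login_list, the sample lines other than salesList, and the case-insensitive handling of method keywords are assumptions.

```python
import re

VALID_METHODS = {"local", "radius", "reject"}  # values in the Syntax Description
MAX_NAME_LEN = 15   # "A list name can be up to 15 characters long"
MAX_METHODS = 3     # "up to 3 non-repeating methods"

# Optional pasted prompt such as "(SafeGuardOS) (config) #", then the command.
CMD = re.compile(
    r"^\s*(?:\([^#]*#)?\s*aaa\s+mgmt-user\s+authentication\s+login\s+(\S+)(.*)$",
    re.I)

def check_login_list(line):
    """Return (listname, method_slots, problems), or None if the line is not
    an 'aaa mgmt-user authentication login' command."""
    m = CMD.match(line)
    if not m:
        return None
    name = m.group(1)
    # Assumption: keywords are case-insensitive (the guide prints both
    # "reject" and "Reject").
    methods = [w.lower() for w in m.group(2).split()]
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append(f"list name is {len(name)} characters (limit {MAX_NAME_LEN})")
    if len(methods) > MAX_METHODS:
        problems.append(f"{len(methods)} methods given (limit {MAX_METHODS})")
    for meth in sorted(set(methods) - VALID_METHODS):
        problems.append(f"unknown method '{meth}'")
    for meth in sorted({x for x in methods if methods.count(x) > 1}):
        problems.append(f"method '{meth}' is repeated")
    if not methods:
        slots = ["default-list"]  # no methods: the guide says default-list applies
    else:
        # Unspecified trailing methods are classified as undefined.
        slots = (methods + ["undefined"] * MAX_METHODS)[:max(len(methods), MAX_METHODS)]
    return name, slots, problems

# Constructed sample input; only the first line appears in the guide.
SAMPLE = [
    "(SafeGuardOS) (config) #aaa mgmt-user authentication login salesList local reject",
    "aaa mgmt-user authentication login opsList local radius reject",
    "aaa mgmt-user authentication login engineeringAdmins local local ldap",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_login_list(line))
```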










