User Guide
OmniAccess SafeGuard OS Administration Guide
45
Chapter 2: Accessing and Managing the System
The following example shows the disabling RADIUS authentication of non-configured
users:
(SafeGuardOS) (config) # no aaa mgmt-user defaultlogin salesList
(SafeGuardOS) (config) #
Configuring RADIUS Users for Management Users
In order to provide administrative privileges to remote RADIUS users, the Service-Type
field in RADIUS must be configured to return the appropriate value. Configure the
RADIUS server to return Service-Type = 1 or Login
for priv-user, Service-Type = 7 or
NAS Prompt for exec-user. For FreeRadius, Service-Type = NAS-Prompt-User and
Service-Type = Login-User.
Different implementations of RADIUS might have slight variations on how to set this
field. See Tab le 5 for some examples of this field, and see your RADIUS product
documentation for further help.
In the following example, MyCompany uses FreeRADIUS. Users Moe and Larry are
setup for administrative privileges while user Curley logs in as priv-user has most of the
privileges of the administrative user.
Table 5 RADIUS Service-Type Settings
Implementation Service-Type
FreeRADIUS 6 or Administrative-User
Microsoft IAS Administrative
SteelBelt RADIUS Administrative
Moe Auth-Type:=System
Service-Type=6
Login-Service=Telnet
Larry Auth-Type:=System
Service-Type=Administrative-User
Login-Service=Telnet
Curley Auth-Type:=System
Service-Type=Login-User
Login-Service=Telnet
Alcatel-Lucent-Role=”Curley-Alcatel-Lucent-
VSA”