Manualshelf

User`s guide

ManualsBrandsAMD ManualsComputer equipmentLE-363 User's
291292293294295296297298299300
Chapter 15 User Authorization and Access Control 265
When deleting the role group mapping the AD groups remain configured on the
AD/LDAP server. The remove ims role-group-mapping command deletes the
mapping only, and with the mapping gone, no regular expression matching occurs.
You can make edits to existing role group mapping through the set ims role-
group-mapping command instead of deleting and recreating the mapping.
Using RADIUS as the IMS
RADIUS uses either CHAP or PAP (default) authentication. You can configure up to
five servers. Each RADIUS server has equal preference (no ranking).
When using RADIUS as the IMS, use the following process:
1. Configure the AD server in XgOS as described in “Example: RADIUS IMS Server
With Default Authentication” on page 266 or “Example: RADIUS IMS Server With
CHAP Authentication” on page 266
2. Add RADIUS users to the configuration as described in “Configure RADIUS
Users and Roles” on page 267.
3. Set the IMS to the configured server.
4. For an example, see “Example: Set IMS to a RADIUS Server” on page 268.
Syntax
add ims radius-server <server-name> <host[:port]> <user-name>
-authentication-type={CHAP|PAP|default}
add ims radius-server <server-name> host[:port]> <user-name>
-retries={<number>|default}
add ims radius-server <server-name> host[:port]> <user-name>
-timeout={<number>|default}
add ims radius-user <name> <role>
set ims radius-server <name> <options>
set ims radius-user <name> [-descr] <roles>
remove ims radius-server <name>
remove ims radius-user [<name>|*]
show ims radius-server [<name>|*][-detail]
show ims radius-user [<name>|*]