Owner's Manual
490 | Chapter 17. Security
NETGEAR 8800 User Manual
Configuring the Users File
To enable command authorization for a user, you must modify the users file entry for the user
by configuring the following attributes:
• Profile-Name=<profileName>
• NETGEAR-CLI-Authorization = Enabled
The following users file entries show different ways that these attributes are configured, and
they serve as an example for review later in this section.
user Password = ""
Filter-Id = "unlim"
admin Password = "", Service-Type = Administrative
Filter-Id = "unlim"
eric Password = "", Service-Type = Administrative, Profile-Name = ""
Filter-Id = "unlim"
Netgear:Netgear-CLI-Authorization = Enabled
albert Password = "", Service-Type = Administrative, Profile-Name =
"Profile1"
Filter-Id = "unlim"
Netgear:Netgear-CLI-Authorization = Enabled
lulu Password = "", Service-Type = Administrative, Profile-Name =
"Profile1"
Filter-Id = "unlim"
Netgear:Netgear-CLI-Authorization = Enabled
gerald Password = "", Service-Type = Administrative, Profile-Name "Profile2"
Filter-Id = "unlim"
Netgear:Netgear-CLI-Authorization = Enabled
Note: If authorization is enabled without specifying a valid profile, the user
is unable to execute any commands.
Configuring the Dictionary File
To support the NETGEAR-CLI-Authorization VSA in the users file, you must add this VSA
and the NETGEAR Vendor ID to the dictionary file. For more information, see
Configuring the
Dictionary File on page 489.
Configuring the Clients File
The RADIUS clients file lists the RADIUS clients that can access the RADIUS server. For all
clients that use RADIUS per-command authentication, you must add the following type to the
client file:
type:netgear:nas + RAD_RFC + ACCT_RFC