Black Box 16 port User Manual

About user accounts and RADIUS

Overview

You can have a maximum of 32 user accounts on the Console Server. You will also be able to configure user accounts on the RADIUS host. Therefore some users can be authenticated by the unit, other users by RADIUS. You could have other combinations of maintaining user accounts; i.e. duplicated on both the unit and the RADIUS host or, alternatively all user accounts stored on the RADIUS host only.

Caution

When a user is authenticated by RADIUS the unit starts a user service - such as telnet or SLIP - based on instructions passed down by the RADIUS host. User parameters, such as ‘service’ or ‘ip_host’, are taken entirely from the RADIUS host.

When RADIUS authenticates users

Caution

If you set the port to authenticate by RADIUS only, users will not be able to dial in and connect if the network connection is down (no access to RADIUS server).

Black Box Console Server user guide

95

Example RADIUS user file: telnet service

dave    Password = "garage"
        User-Service = Callback-login,
        Login-Host = 192.101.34.199,
        Login-Service = Telnet,
        Login-TCP-Port = 23,
        Class = "Indirect Sales Group",
        Session-Timeout = 1800,
        Idle-Timeout = 600,
        CallBack-Number = "3592"

An explanation of the file shown in Example RADIUS user file: telnet service on page 98 is as follows:

- The file contains a mixture of user parameters (e.g. callback-number) and line parameters (e.g. login-host).

- This user has been authenticated by RADIUS; therefore, all user parameters are passed down to the unit in this file.

- If you also have user ‘dave’ listed in the unit’s user table (i.e. a duplicate entry; we do not recommend this action), all the user parameters configured in the unit for user ‘dave’ will be overridden by the parameters in the RADIUS file. For the user to be authenticated by the RADIUS host where you have a duplicate entry, either the password for ‘dave’ in the unit would have to be different from that entered in the RADIUS user’s database, or authentication in the unit would have to be set to RADIUS (i.e. RADIUS only).

- Class = "Indirect Sales Group" is a RADIUS class attribute. The unit can only process a string of maximum 32 characters; therefore limit your string to this size. In this example "Indirect Sales Group" is 20 characters (including spaces).

- Line parameters override those configured in the unit; see Configuring a dial in line on page 74 for a more detailed discussion on line parameters.
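
An added example, not part of the Black Box manual: a short Python check that parses a users file in the layout shown above and reports the conditions the manual warns about (a Class string over 32 characters, a user duplicated in the unit's user table, more than 32 unit accounts). The second user 'erin', the unit user table passed to lint(), and the function names are constructed for illustration.

```python
import re

MAX_CLASS_LEN = 32     # manual: the unit processes a Class string of at most 32 characters
MAX_LOCAL_USERS = 32   # manual: at most 32 user accounts on the Console Server

# Constructed sample: the manual's 'dave' entry plus a hypothetical user 'erin'.
SAMPLE_USERS_FILE = '''\
dave    Password = "garage"
        User-Service = Callback-login,
        Login-Host = 192.101.34.199,
        Login-Service = Telnet,
        Login-TCP-Port = 23,
        Class = "Indirect Sales Group",
        Session-Timeout = 1800,
        Idle-Timeout = 600,
        CallBack-Number = "3592"

erin    Password = "constructed"
        Class = "Regional Indirect Sales and Support Group"
'''

ATTR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {attribute: value}}; an entry starts at an unindented line."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or (current is None and line[0].isspace()):
            continue                      # blank line, or attributes before any user
        if not line[0].isspace():         # "<name> <attributes>" opens a new entry
            parts = line.split(None, 1)
            current = users.setdefault(parts[0], {})
            line = parts[1] if len(parts) > 1 else ""
        for key, value in ATTR.findall(line):
            current[key] = value.strip('"')
    return users

def lint(users, local_users):
    """Report the conditions the manual describes; local_users is the unit's user table."""
    findings = []
    if len(local_users) > MAX_LOCAL_USERS:
        findings.append(("*", "unit user table exceeds 32 accounts"))
    for name, attrs in users.items():
        cls = attrs.get("Class", "")
        if len(cls) > MAX_CLASS_LEN:
            findings.append((name, f"Class is {len(cls)} characters, limit is {MAX_CLASS_LEN}"))
        if name in local_users:
            findings.append((name, "duplicate of a unit account; RADIUS parameters override"))
    return findings
```

Calling lint(parse_users(SAMPLE_USERS_FILE), {"dave", "admin"}) reports 'dave' as a duplicate entry and 'erin' for a 41-character Class string.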
