14: User Authentication
EMG™ Edge Management Gateway User Guide
313
Similar to RADIUS, the main function of is to perform authentication for remote access.
The EMG supports the protocol (not the older TACACS or XTACACS protocols).
The system administrator can configure the EMG unit to use to authenticate users
attempting to log in using the Web, Telnet, SSH, or the console port.
Users who are authenticated through are granted device port access through the port
permissions on this page.
All users are members of a group with associated predefined user rights. You may add
additional user rights that are not defined by the group.
Groups
This section describes how a priv_lvl assigned to a user can be mapped to a EMG
custom
, which will set the permissions and port rights for a user when they
login to the EMG.
users are typically configured to have a privilege level 0-15, with each level
representing a privilege level that is a superset of the next lower value. The privilege level can be
assigned to individual users, or to groups that the user is a member of. When the EMG
authenticates a user, it will first send an authentication request to the server,
and wait for an authentication reply. If the user is successfully authenticated, the EMG will next
send an authorization request to the server with the
Service
and optional
Protocol
.
The EMG will wait for an authorization response that will indicate if the user was successfully
authorized for the requested service and protocol, and also contains a set of attribute-value pairs
which define the attributes associated with the user.
The
priv_lvl
or
priv-lvl
is the only attribute sent from the server that the EMG will
recognize and utilize. The privilege level number will be used to map to a EMG custom user group
by finding a group with a name that ends in the same number as the priv_lvl. For example, a EMG
group called "admin15" will map to any users with priv_lvl equal to 15; a EMG group
called "manager8" will map to any users with priv_lvl equal to 8, and a EMG group
called "readonly0" will map to any users with priv_lvl equal to 0. If two EMG groups
ending with the same number exist, the EMG will select the first matching group it finds while
searching the group list; for consistency it is recommended that only one EMG group exist for each
priv_lvl.
When a user authenticates to the EMG, the Authentication Log will record any priv_lvl
attribute-value pair returned by the server:
Sep 21 15:44:38 2017 slc431d SLC-SLB/x15login[2839]:
pam_sm_authenticate: server returned attribute `PRIV_LVL=14'
Any priv_lvl obtained for a user can also be viewed at the CLI with the
show user
command.
To configure the EMG unit to use to authenticate users:
1. Click the
tab and select
. The following page displays.
Summary of Contents for EMG Series
Page 100: ...7 Networking EMG Edge Management Gateway User Guide 100 Figure 7 5 Network Wireless Settings...
Page 353: ...15 Maintenance EMG Edge Management Gateway User Guide 353 Figure 15 12 About EMG...
Page 474: ...EMG Edge Management Gateway User Guide 474 Figure E 3 EU Declaration of Conformity...
Page 475: ...EMG Edge Management Gateway User Guide 475 Figure E 4 EU Declaration of Conformity continued...