11: User Authentication
SLC™ 8000 Advanced Console Manager User Guide
To view RADIUS settings:
show radius
User Attributes & Permissions from LDAP Schema or RADIUS VSA
Remote user attributes (group/permissions and port access) can be obtained from an Active
Directory server's schema via the user attribute 'secureLinxSLCPerms', or from a RADIUS server's
Vendor-Specific Attribute (see below). This attribute is a set of parameter-value pairs. Each
parameter and value is separated by a space, and a space separates each parameter-value pair.
Whitespace is not supported in the value strings. The parameters that are supported are:
rights - User rights. The value string is a comma-separated list of two letter user permissions.
Example: "nt,wb,ra".
data - Data port access. The value string specifies the list of ports the user has 'direct' access
to. Example: "2,4-18,U1,U2".
listen - Listen port access. The value string specifies the list of ports the user has 'listen'
access to.
clear - Clear port access. The value string specifies the list of port buffers the user has the
right to clear.
group - User group. Valid values for the value string are "default", "power", and "admin", and
any SLC custom group name. If a custom group name is specified and it matches a current
SLC custom group name, any rights attribute will be ignored, and the custom group's rights
(permissions) will be used instead. A group name with spaces cannot be specified.
escseq - Escape sequence. The value string specifies the user's escape sequence. Use "\x"
to specify non-printable characters. For example, "\x1bA" specifies the sequence "ESC-A".
brkseq - Break sequence. The value string specifies the user's break sequence.
menu - Custom user menu. The value string specifies the user's custom user menu.
display - Display custom user menu when a user logs into the CLI. Valid values for the value
string are "yes" and "no".
dbnumber - Dial-back number. The value string specifies the user's dial-back number for
modem dial-back connections.
allowdb - Allow a user to have dial-back access. Valid values for the value string are "yes"
and "no".
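The format rules above can be checked before an attribute string is stored in the LDAP schema or RADIUS user entry. The following Python validator is an added example, not part of the Lantronix guide. Assumptions: the function and constant names are hypothetical, the port-item grammar is inferred from the example "2,4-18,U1,U2", "rights" is checked for shape only, and duplicate parameters are rejected because the guide does not define their precedence.

```python
import re

# Parameter names come from the list above; all other names are hypothetical.
PORT_PARAMS = {"data", "listen", "clear"}
YES_NO_PARAMS = {"display", "allowdb"}
FREE_PARAMS = {"group", "brkseq", "menu", "dbnumber"}
BUILTIN_GROUPS = {"default", "power", "admin"}
# Assumption: port grammar inferred from the guide's example "2,4-18,U1,U2".
PORT_ITEM = re.compile(r"(\d+)(?:-(\d+))?|U\d+")
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
SAMPLE = r"group ops rights nt,wb data 2,4-18,U1 escseq \x1bA allowdb no"  # constructed

def check_value(name, value):
    """Return a normalized value, or raise ValueError if it is malformed."""
    if name == "rights":  # shape check only: comma-separated two-letter codes
        codes = value.split(",")
        if not all(re.fullmatch(r"[a-z]{2}", c) for c in codes):
            raise ValueError(f"rights: expected two-letter codes, got {value!r}")
        return codes
    if name in PORT_PARAMS:
        for item in value.split(","):
            m = PORT_ITEM.fullmatch(item)
            if not m or (m.group(2) and int(m.group(1)) > int(m.group(2))):
                raise ValueError(f"{name}: bad port item {item!r}")
        return value.split(",")
    if name in YES_NO_PARAMS:
        if value not in ("yes", "no"):
            raise ValueError(f"{name}: expected yes or no, got {value!r}")
        return value == "yes"
    if name == "escseq":  # "\x1bA" becomes ESC followed by "A"
        return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)
    if name in FREE_PARAMS:
        return value
    raise ValueError(f"unknown parameter {name!r}")

def parse_slc_perms(attr):
    """Parse an attribute string into (settings, warnings)."""
    tokens = attr.split()
    if len(tokens) % 2:  # a value is missing, or a value contains a space
        raise ValueError("parameters and values do not pair up")
    settings, warnings = {}, []
    for name, value in zip(tokens[0::2], tokens[1::2]):
        if name in settings:  # assumption: reject rather than guess precedence
            raise ValueError(f"duplicate parameter {name!r}")
        settings[name] = check_value(name, value)
    group = settings.get("group")
    if group and group not in BUILTIN_GROUPS and "rights" in settings:
        warnings.append("rights is ignored if this custom group exists on the SLC")
    return settings, warnings
```

The warning covers the case where an administrator sets both a custom group and explicit rights and expects the narrower rights list to apply.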
RADIUS servers will need to be configured to support the Lantronix Vendor-Specific Attribute. For
example, on a FreeRADIUS server, the dictionary will need to be updated with the Lantronix
definition by including the contents below in a file named dictionary.lantronix, and including it
in the RADIUS server dictionary definitions by adding the appropriate $INCLUDE directive to the
main dictionary file.
# dictionary.lantronix
#
# Lantronix SLC Console Manager
# Provides SLC-specific user attributes
#
VENDOR Lantronix 244
BEGIN-VENDOR Lantronix
ATTRIBUTE Lantronix-User-Attributes 1 string