724-746-5500 | blackbox.com
Select Serial & Network: Authentication
Select the relevant Authentication Method
Check the Use Remote Groups button
9.1.7 Remote groups with RADIUS authentication
Enter the RADIUS Authentication and Authorization Server Address and Server Password
Click Apply.
Edit the RADIUS user’s file to include group information and restart the RADIUS server
When using RADIUS authentication, group names are provided to the console server using the
Framed-Filter-Id attribute. This is a standard RADIUS attribute, and may be used by other devices
that authenticate via RADIUS.
To interoperate with other devices using this field, the group names can be added to the end of any
existing content in the attribute, in the following format:
:group_name=testgroup1,users:
The above example sets the remote user as a member of testgroup1 and users if groups with those
names exist on the console server. Any groups which do not exist on the console server are ignored.
When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field.
To work around this, add some dummy text to the start of the string. For example:
dummy:group_name=testgroup1,users:
If no group is specified for a user, for example AmandaJones, then the user will have no User
Interface and serial port access but limited console access.
Default groups available on the console server include ‘admin’ for administrator access and
‘users’ for general user access.
TomFraser      Cleartext-Password := "FraTom70"
               Framed-Filter-Id=":group_name=admin:"
AmandaJones    Cleartext-Password := "JonAma83"
FredWhite      Cleartext-Password := "WhiFre62"
               Framed-Filter-Id=":group_name=testgroup1,users:"
JanetLong      Cleartext-Password := "LonJan57"
               Framed-Filter-Id=":group_name=admin:"
Additional local groups such as testgroup1 can be added via Users & Groups: Serial & Network.
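The following is an added example, not part of the manual: it parses Framed-Filter-Id values in the format described above so that group assignments can be reviewed before the RADIUS server is restarted. It assumes both delimiting colons are required, as the dummy-text workaround implies; the function names and the sample values are constructed for illustration.

```python
import re

# Format from the text: ":group_name=g1,g2:" appended to any existing content.
# Assumption: both delimiting colons are required, which is why the
# "dummy" prefix workaround exists.
SEGMENT = re.compile(r":group_name=([^:]*):")

def remote_groups(value):
    """Group names carried in one Framed-Filter-Id value, in listed order."""
    m = SEGMENT.search(value or "")
    return [g.strip() for g in m.group(1).split(",") if g.strip()] if m else []

def check_value(value, local_groups):
    """Return (granted, ignored, warning) for one Framed-Filter-Id value."""
    wanted = remote_groups(value)
    granted = [g for g in wanted if g in local_groups]   # exist on the console server
    ignored = [g for g in wanted if g not in local_groups]  # silently dropped
    warning = None
    if value and "group_name=" in value and not wanted:
        warning = "group_name present but no group parsed (check colons)"
    elif not wanted:
        warning = "no group: limited console access only"
    return granted, ignored, warning

# Constructed sample values; user names here are placeholders.
SAMPLE = {
    "admin_user": ":group_name=admin:",
    "no_group_user": "",
    "two_groups": ":group_name=testgroup1,users:",
    "shared_attr": "dummy:group_name=testgroup1,users:",
    "stripped_colon": "group_name=admin:",  # leading colon removed by the server
}
LOCAL_GROUPS = {"admin", "users"}  # assumption: testgroup1 not yet created locally

def audit(sample, local_groups):
    """Run check_value over every user in the sample mapping."""
    return {user: check_value(v, local_groups) for user, v in sample.items()}

if __name__ == "__main__":
    for user, (granted, ignored, warning) in audit(SAMPLE, LOCAL_GROUPS).items():
        print(f"{user:15} granted={granted} ignored={ignored} warning={warning}")
```
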
9.1.8 Remote groups with LDAP authentication
Unlike RADIUS, LDAP has built-in support for group provisioning, which makes setting up remote groups
easier. The console server will retrieve a list of all the remote groups that the user is a direct member of,
and compare their names with local groups on the console server.
Note: Any spaces in the group name will be converted to underscores.