Radius-server host – HP StorageWorks Enterprise File Services WAN Accelerator User Manual


A - HP EFS WAN Accelerator Manager Command-Line Interface

Parameters

Usage

The order determines how the remote user mapping behaves. If the authenticated user
name is valid locally, no mapping is performed. The setting has the following
behaviors:

• remote-first. If a local-user mapping attribute is returned and it is a valid local
  user name, map the authenticated user to the local user specified in the attribute.
  If the attribute is not present or not valid locally, use the user name specified by
  the default-user command. (This is the default behavior.)

• remote-only. Map a remote authenticated user only if the authentication server
  sends a local-user mapping attribute. If the attribute does not specify a valid local
  user, no further mapping is attempted.

• local-only. All remote users are mapped to the user specified by the
  aaa authorization map default-user <user name> command. Any vendor attributes
  received from an authentication server are ignored.

To set TACACS+ authorization levels (admin and read-only) to allow certain
members of a group to log in, add the following attribute to users on the TACACS+
server:

service = rbt-exec {
    local-user-name = "monitor"
}

where you replace monitor with admin for write access. To turn off general
authentication in the HP EFS WAN Accelerator Manager, enter the following
command at the system prompt:

aaa authorization map order remote-only

Example

minna (config) # aaa authorization map order remote-only

minna (config) #
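
The mapping rules described under Usage above, modelled as an added Python example (not code from the manual or from the product). The function names, the sample accounts and the default-user value are constructed assumptions, and the "valid locally, no mapping" rule is applied to all three orders as the text reads.

```python
# Added illustration: models the three "aaa authorization map order" policies
# as the manual text describes them. All names here are hypothetical.
from typing import Optional

ORDERS = ("remote-first", "remote-only", "local-only")


def map_user(order: str, auth_name: str, attr: Optional[str],
             local_users: set, default_user: str) -> Optional[str]:
    """Return the local account a remotely authenticated user ends up as.

    attr is the local-user mapping attribute sent by the server (None if absent).
    A result of None means no mapping was made.
    """
    if order not in ORDERS:
        raise ValueError(f"unknown order: {order}")
    # Stated rule: a user name that is valid locally is not mapped at all.
    if auth_name in local_users:
        return auth_name
    if order == "local-only":
        # Vendor attributes are ignored; every remote user gets the default user.
        return default_user
    if attr is not None and attr in local_users:
        return attr
    # Attribute missing, or it does not name a valid local user.
    return default_user if order == "remote-first" else None


def accounts_by_order(auth_name, attr, local_users, default_user):
    """Resolve one login under every order, for side-by-side review."""
    return {o: map_user(o, auth_name, attr, local_users, default_user)
            for o in ORDERS}


# Constructed sample data (not from the manual).
LOCAL_USERS = {"admin", "monitor"}
DEFAULT_USER = "admin"  # assumed value set with "aaa authorization map default-user"
LOGINS = [("alice", "monitor"), ("bob", None), ("carol", "operator"),
          ("monitor", "admin")]

if __name__ == "__main__":
    for name, attr in LOGINS:
        print(name, attr, accounts_by_order(name, attr, LOCAL_USERS, DEFAULT_USER))
```

With the sample default user set to admin, remote-first and local-only place bob and carol on the admin account, while remote-only leaves them unmapped; this is the case to check when choosing the default-user value.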

radius-server host

Description

Adds a RADIUS server to the set of servers used for authentication. Some of the
parameters given can override the configured global defaults for all RADIUS servers.

For detailed information about configuring RADIUS servers, see the HP
StorageWorks Enterprise File Services WAN Accelerator Deployment Guide.

Syntax

radius-server host {host <hostname> | ip-address <ip address>}
[auth-port <port-number> | timeout <seconds> |
retransmit <retries> | key <string>]

<policy>

Specifies the order in which to apply the authentication policy: remote-only,
remote-first, local-only.
