Using authentication methods – Avocent CCM User Manual

30 CCM Installer/User Guide

3. To display the access rights and level for one or all users, issue a Show User command.

SHOW USER <username>|ALL

For more information, see Managing User Accounts on page 27 plus User Add command on
page 87, User Set command on page 89 and Show User command on page 83.

Using Authentication Methods

The CCM appliance supports several methods for authenticating users: local, RADIUS and none.
Multiple connection and authentication methods may operate concurrently. By default,
authentication is performed at the local CCM user database.

Local authentication

Local authentication uses the CCM appliance internal user database to authenticate users. You may
optionally specify both local and RADIUS authentication, in either order. In this case,
authentication will be attempted initially on the first method specified. If that fails, the second
method will be used for authentication.

RADIUS authentication

RADIUS authentication uses an external third party RADIUS server containing a user database to
authenticate CCM appliance users. The CCM appliance, functioning as a RADIUS client, sends
usernames and passwords to the RADIUS server. If a username and password do not agree with
equivalent information on the RADIUS server, the CCM appliance is informed and the user is denied
CCM access. If the username and password are successfully validated on the RADIUS server, the
RADIUS server returns an attribute that indicates the access rights defined for that username.
To use RADIUS authentication, you must specify information about the primary RADIUS server
and optionally, a secondary RADIUS server to be used as a backup.
The RADIUS server definition values specified in CCM appliance commands must match
corresponding values configured on the RADIUS server. On the RADIUS server, you must include
CCM appliance-specific information: the list of valid users and their access rights for the CCM
appliance. Each user-rights attribute in the RADIUS server’s dictionary must be specified as a
string containing the user’s access rights for the CCM appliance, exactly matching the syntax used
in the CCM User Add command.
Consult your RADIUS administrator’s manual for information about specifying users and their
attributes. The exact process depends on the RADIUS server you are using.
You may optionally specify both RADIUS and local authentication, in either order. In this case,
authentication will be attempted initially on the first method specified. If that fails, the second
method will be used for authentication.
When port group names are used, the CCM appliance will parse group names coming from a
RADIUS server, and allow access according to group content.