Configuring local user attributes, Configuring, Local user attributes – H3C Technologies H3C S5120 Series Switches User Manual

1-15

z

With the accounting optional command configured, a user that would be otherwise disconnected

can still use the network resources even when no accounting server is available or communication

with the current accounting server fails.

z

The local accounting is not used for accounting implementation, but together with the attribute

access-limit command for limiting the number of local user connections. However, with the

accounting optional command configured, the limit on the number of local user connections is not

effective.

z

The accounting method specified with the accounting default command is for all types of users

and has a priority lower than that for a specific access mode.

z

With the radius-scheme radius-scheme-name local keyword and argument combination

configured, local accounting is the backup method and is used only when the remote server is not

available.

z

If the primary accounting method is local or none, the system performs local accounting or does

not perform any accounting, and will not use the RADIUS accounting scheme.

z

In login access mode, accounting is not supported for FTP services.

Configuring Local User Attributes

For local authentication, you need to create local users and configure user attributes on the device as

needed.

A local user represents a set of user attributes configured on a device and is uniquely identified by the

username. For a user requesting a network service to pass local authentication, you must add an entry

as required in the local user database of the device.

Each local user belongs to a local user group and bears all attributes of the group, such as the

authorization attributes. For details about local user group, refer to

Configuring User Group Attributes

.

You can configure an authorization attribute in user group view or local user view, making the attribute

effective on all local users of the group or only the local user. An authorization attribute configured in

local user view takes precedence over the same attribute configured in user group view.

Follow these steps to configure the attributes for a local user:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Set the password display mode for
all local users

local-user
password-display-mode { auto
| cipher-force }

Optional

auto by default, indicating
to display the password of
a local user in the way
indicated by the password
command.

Add a local user and enter local
user view

local-user user-name

Required

No local user exists by
default.

Configure a password for the local
user

password { cipher | simple }
password

Optional