H3C Technologies H3C Intelligent Management Center User Manual
Page 595
577
{
Username Prefix Conversion Mode—Configure the conversion method for account names
containing a backslash (\). Options are Change to Suffix and Remove. If you select Change to
Suffix, UAM converts the content before the backslash into the suffix, for example, aaa/bbb
converted into bbb@aaa. If you select Remove, UAM removes the content before the backslash,
for example, aaa/bbb converted into bbb.
{
Renew Access Details at Midnight—If you select Enable, UAM generates two entries of the
access details for each access user that is online at 00:00, one entry before 00:00 and the
other entry after 00:00. If you select Disable, UAM generates the online details only after the
user goes offline.
{
Check Username in Certificate—If you select Yes, UAM checks whether the user account is
consistent with the username in the certificate during certificate authentication. If they are
consistent, the user passes the authentication; if not, the user cannot pass the authentication. If
you select No, UAM does not check the consistency between the user account and the username
in the certificate.
{
Log off Duplicate Account—Set whether or not to log off a duplicate account. This field takes
effect only when the number of online access users is set to 1. If you select Enable, UAM logs off
an online user when another user logs in by using the same account and another user using the
same account can successfully logs on. If you select Disable, UAM does not log off the online
user and another user using the same account fails to log in.
{
Add Invalid Client to Blacklist—Configure whether or not to immediately blacklist a user
accessing from an invalid client. The Enable option allows UAM to immediately blacklist users
that attempt to access the network using invalid clients. The user is automatically released the
next day or manually released by an administrator. The Disable option does not provide the
restrictions.
{
Client Protection Password/Confirm Password—Specify a protection password. This parameter
determines the protection password on the iNode client by cooperating with the password
protection function in the iNode management center. To validate this parameter, you must
enable the policy server (see "
Configuring policy server parameters
"). Follow these guidelines
when you specify this parameter:
−
1. The parameter is ineffective on the iNode client that does not support client password
protection.
−
2. The parameter is effective on the iNode client that supports client password protection
and is configured with a default password. However, the client protection password is not
effective until the iNode client passes authentication at the first time. Before the iNode client
passes authentication, the default password applies.
−
3. If you do not set the client protection password, the default password applies to the iNode
client that supports client password protection and is configured with a default password.
−
4. If you clear the client protection password later, the latest effective password applies to
the iNode client that supports password protection and is configured with a default
password. For more information about the criteria for validating the password, see Rule 2.
{
Max Auto-Learned MAC Addresses—Set the maximum number of MAC addresses that can be
automatically learned by each user account. For more information, see "
{
User Authentication Test Mode—If you enable the user authentication test mode, UAM replies
with authentication success even when the authentication fails, and logs the failure event. The
user authentication test mode helps you collect and analyze authentication failure causes
without affecting network usage. It is typically used in the test phase of UAM deployment.