Configuring advanced settings – Nortel Networks 5500 series User Manual

Configuring authentication

Configuring advanced settings

You can configure the Nortel SNAS domain to use one method for
authentication and another for authorization.

For example, there are three authentication methods configured for the
domain: Local (auth ID 1), RADIUS (auth ID 2), and LDAP (auth ID 3).
The user groups are stored in an LDAP database. You can configure the
domain to have the Local and LDAP methods used for authorization after
users have been authenticated by RADIUS. In this example, the command
is:

/cfg/domain #/aaa/auth #/adv/groupauth 1,3

When a user logs on through RADIUS, the system first checks the RADIUS
database. If no match is found, the system checks the other
authentication schemes (in the order in which you listed them in the
groupauth command) to see if the user name can be matched against user
groups defined in the authentication databases. The first group matched
is returned to the Nortel SNAS as the user’s group, and determines the
user’s access privileges for the session.
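
Because the first group matched wins, the order of the auth IDs given to groupauth decides a user's privileges whenever the same user name appears in more than one database. The following Python sketch is an added example, not Nortel code: it models the lookup order described above and lists user names whose group would change with the order. The scheme contents, function names and group names are constructed for illustration.

```python
# Model of the lookup order described above; not Nortel code.
# Scheme contents are constructed sample data; auth IDs follow the manual's example.
SCHEMES = {
    1: {"type": "local", "groups": {"alice": "admins", "bob": "staff"}},
    2: {"type": "radius", "groups": {}},  # assumed: RADIUS holds no group data here
    3: {"type": "ldap", "groups": {"alice": "staff", "carol": "contractors"}},
}

def resolve_group(user, current_id, groupauth, schemes=SCHEMES):
    """Return (group, auth_id) from the first scheme that yields a group."""
    for auth_id in groupauth:
        # groupauth accepts LDAP or Local schemes, never the current one.
        if auth_id == current_id or schemes[auth_id]["type"] not in ("local", "ldap"):
            raise ValueError(f"auth ID {auth_id} is not valid for groupauth")
    # Current (authenticating) scheme first, then groupauth IDs in listed order.
    for auth_id in [current_id, *groupauth]:
        group = schemes[auth_id]["groups"].get(user)
        if group is not None:
            return group, auth_id
    return None, None

def shadowed_users(current_id, groupauth, schemes=SCHEMES):
    """List (user, winning_group, winning_id, {other_id: other_group})
    for users whose group depends on the groupauth order."""
    order = [current_id, *groupauth]
    users = sorted({u for i in order for u in schemes[i]["groups"]})
    findings = []
    for user in users:
        group, winner = resolve_group(user, current_id, groupauth, schemes)
        others = {i: schemes[i]["groups"][user] for i in order
                  if i != winner
                  and schemes[i]["groups"].get(user) not in (None, group)}
        if others:
            findings.append((user, group, winner, others))
    return findings

if __name__ == "__main__":
    for order in ([1, 3], [3, 1]):
        print("groupauth", order, "->", resolve_group("alice", 2, order))
    print("order-dependent:", shadowed_users(2, [1, 3]))
```

Running the same check against an export of the real Local and LDAP group assignments shows which accounts would gain or lose privileges if the groupauth order were changed.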

To configure the current authentication scheme to retrieve user group
information from a different authentication scheme, use the following
command:

/cfg/domain #/aaa/auth #/adv

The Advanced menu appears.

The Advanced menu includes the following options:

Table 33
Configuring Advanced Settings

/cfg/domain #/aaa/auth #/adv followed by:

groupauth <auth IDs>
    Specifies one or more preconfigured LDAP or Local database
    authentication schemes (not including the current one) that will
    be used to retrieve the user’s group information after the user
    has been authenticated.

    To specify more than one authentication method to use for
    authorization, enter the auth IDs separated by a comma (,).

secondauth <auth ID>
    Specifies a second authentication service to be used after the
    first one succeeds. The feature supports single sign-on to backend
Nortel Secure Network Access Switch

Using the Command Line Interface

NN47230-100

03.01

Standard

28 July 2008

Copyright © 2007, 2008 Nortel Networks.
