1101 and 1102 Secure Device Servers
14.4 Adding and Removing User Groups
The console server is configured with a few default user groups (even though only two of these groups are visible in the Management Console GUI). To find out how many groups are already present:
# config -g config.groups.total
Assume this value is six. Make sure you number any new groups you create from seven and up.
To add a custom group to the configuration with Group name=Group7, Group description=MyGroup and Port access= 1,5 you’d issue the commands:
#config
#config
#config
#config
#config
Assume we have an RPC device connected to port 1 on the console manager, and the RPC is configured. To give this group access to RPC outlet number 3 on the RPC device, run the two commands below:
#config
#config
If more groups are given access to this power outlet, then increment the 'config.ports.port1.power.outlet3.groups.total' element accordingly.
To give this group access to network host 5:
#config
#config
To give another group called 'Group8' access to the same host:
#config
#config
To delete the group called Group7, use the following command:
# rmuser Group7
Attention: The rmuser script is a generic script to remove any config element from config.xml correctly. However, any dependencies or references to this group will not be affected. Only the group details are deleted. The Administrator is responsible for going through config.xml and removing group dependencies and references manually, specifically if the group had access to a host or RPC device.
The following command will synchronize the live system with the new configuration:
#config –a
14.5Authentication
To change the type of authentication for the console server:
#config
Local LocalTACACS
TACACS TACACSLocal TACACSDownLocal LocalRADIUS
RADIUS RADIUSLocal RADIUSDownLocal LocalLDAP
LDAP LDAPLocal LDAPDownLocal
124 |