Manuals / Casio / Computer Equipment / Personal Computer

Casio ACS V6000 manual To configure a group in a TACACS+ authentication server

Models: ACS V6000

1 58

Download 58 pages 32.52 Kb

Page 50

To configure a group in a TACACS+ authentication server:

Chapter 3: Accessing a Virtual Console Server via the Web Manager 45

To configure a group in a TACACS+ authentication server:

1.On the server, add raccess service to the user configuration.

2.Define which group(s) the user belongs to in the raccess service following this syntax: group_name = <Group1>[,<Group2,...,GroupN>];

For example:

In the virtual console server, configure a new authorization group TACACS_1 , and configure the access rights for this group. In the TACACS+ server, configure the user regina with the following attribute:

raccess = group_name=TACACS_1

Then, configure the user special with the following attribute: raccess = group_name=admin

During the authentication phase, the virtual console server will receive the attribute raccess from the TACACS+ server. The user regina belongs to the authorization group TACACS_1 and the user special belongs to the authorization group admin.

To configure a group in a RADIUS authentication server:

Define which group(s) the user belongs to in the attribute FRAMED_FILTER_ID with the following syntax:

[:group_name=]<acs6000_group1>[,<acs6000_group2>];

NOTE: The group names should be separated by a comma and end with a semi-colon.

NOTE: The virtual console server accepts multiple FRAMED_FILTER_ID attributes.

For example:

In the virtual console server, configure new authorization groups RADIUS_1 and RADIUS_2, and configure the access rights for these groups. In the Radius server, configure the user regina with the following attribute:

FramedFilterID : FramedFilterID = group_name=RADIUS_1,RADIUS_2;

-or-

FramedFilterID = RADIUS_1,RADIUS_2;

-or-

FramedFilterID = RADIUS_1;

FramedFilterID += RADIUS_2;

Then, configure the user special with the following attribute:

FramedFilterID as group_name=admin

Image 50

Casio ACS V6000 manual To configure a group in a TACACS+ authentication server, raccess = groupname=TACACS1

Contents

Installation/Administration/User Guide Page Installation/Administration/User Guide 2010 Avocent Corporation. 590-1034-501BAuthentication Features and BenefitsAccess options Data logging, notifications, alarms and data bufferingAppliance authentication SettingsSNMP Configuration Authentication serversIntroduction Features and BenefitsAccess options Flexible users and groups Web ManagerIPv4 and IPv6 support VPN based on IPSec with NAT traversal AuthenticationSecurity Packet filteringData logging, notifications, alarms and data buffering Auto discoveryACS v6000 virtual console server requirements InstallationTo create the virtual machine using the vSphere client To install the virtual console server onto the virtual machine Using Telnet or SSH To use Telnet to connect to a device through a serial port # telnet hostname IPaddress TCPPortAlias login username# telnet IPPortAlias login username # telnet hostname IPaddressssh -l usernameTCPPortAlias hostname IPaddress To close an SSH sessionssh -l username IPPortAlias 10 ACS v6000 Installation/Administration/User Guide To log into the web manager Accessing a Virtual Console Server 3 via the Web ManagerWeb Manager Overview for Administrators Figure 3.1 Administrator Web Manager Screen Wizard Mode12 ACS v6000 Installation/Administration/User Guide Table 3.1 Web Manager Screen Areas Number DescriptionTo configure security parameters and select a Security Profile To configure Ports To configure network parametersTo configure licenses To configure users and change the default user passwords Expert ModeAccess To view and connect to devices using the web managerSecurity profiles System ToolsSystem 1. Select System - Security - Security Profile To configure the Security ProfileTo configure DSView 3 software security settings 1. Select System - Security - DSViewTo set the time zone using a predefined time zone To set the time and date using NTP2. Select Enable network time protocol To define custom time zone settingsUsage VM SettingsInformation Online helpvCenter To configure a vCenterTo add an association by Datacenter License To power control targets using the web managerNetwork Select IPv4 address unconfigured to disable IPv4 SettingsTo configure a network device Select IPv6 address unconfigured to disable IPv6Firewall Configuring the firewallHosts To add a host1. Select Network - Firewall Protocol optionsTo add a chain 2. Select either IPv4 Filter Table or IPv6 Filter Table as neededTo add a rule To change the policy for a default chainIPSecVPN To edit a rule26 ACS v6000 Installation/Administration/User Guide 1. Click Network - SNMP SNMP ConfigurationTo configure SNMP Ports To enable or disable one or more serial portsTo configure or edit one or more serial ports with the CAS Profile Serial portsTable 3.5 CAS Profile Parameters ParameterDescription CAS ParameterDescription 30 ACS v6000 Installation/Administration/User GuideCtrl-X Parameter Enables the suppression of the LF character after the CR characterEnabled - stores data at all times. Disabled - stores data when a CAS DescriptionCAS Profile To copy/clone the configuration of one port to other portsTo reset one or more serial ports to their factory configuration Auto discoverya. Select Probe Strings or Match Strings To configure the strings for probe/match used by auto discoveryTo configure the input/output strings used by auto answer 1. Select Ports - CAS Profile - Auto Answer1. Click Ports - Pool of CAS Ports To configure a pool of CAS portsPool of CAS ports Authentication Table 3.6 Pool of CAS Ports Parameters Parameter DescriptionTo set authentication for the console server Appliance authenticationAuthentication servers 1. Click Authentication - Appliance AuthenticationTo configure an LDAPSAD authentication server To configure a TACACS+ authentication server1. Select Authentication - Authentication Servers - TACACS+ 1. Select Authentication - Authentication Servers - LDAPSADTo configure an NIS authentication server To configure a Kerberos authentication server1. Select Authentication - Authentication Servers - Kerberos 1. Select Authentication - Authentication Servers - NISLocal accounts To add new usersadmin group To configure password rules1. Click Users - Local Accounts - Password Rules User groupsTo view admin Appliance Access Rights 1. Click Users - Authorization - Groups appliance-admin groupshell-login-profile user groupTo remove members from a user group To configure a login profile for a user group3. Check the Enable Log-In Profile box 1. Click Users - Authorization - Groups1. Click Users - Authorization - Groups To add access to serial ports for a user groupTo assign appliance access rights for custom user groups 1. Click Users - Authorization - Groupsraccess = groupname=TACACS1 To configure a group in a TACACS+ authentication serverTo configure a group in a RADIUS authentication server FramedFilterID as groupname=adminTo configure Event Destinations To configure group an LDAP authentication serverTo configure Events Event Notifications1. Select Events and Logs - Data Buffering To configure Data BufferingData Buffering 2. Click Enable appliance session data logging alerts To configure Appliance Logging1. Click Enable appliance session data logging Active Sessions1. Select Change Password Change PasswordTo change your own password Web Manager Overview for Regular UsersTable 3.9 Web Manager Regular Users Screen Functional Areas 50 ACS v6000 Installation/Administration/User GuideFigure 3.3 Web Manager Regular User Screen Number DescriptionA P P E N D I C E S Appendix A BootP Configuration RetrievalConfiguration To resolve an issue Appendix B Technical SupportFor Technical Support 590-1034-501B