Authentication Commands | Lantronix 900-510 instruction

		11: User Authentication


	TACACS+	TACACS+ allows a remote access server to communicate with an
	(Terminal Access	authentication server to determine whether the user has access to the
	Controller Access	network. TACACS+ is a completely new protocol and is not compatible
	Control System)	with TACACS or XTACACS. The SLB branch office manager supports
		TACACS+ only.

	Local Users	Local accounts authenticate users who attempt to log in via SSH,
		Telnet, the Web, or the console port.

3.To disable a method currently in the Enabled methods list, select the method and click the right arrow between the lists.

4.To set the order in which the SLB branch office manager will authenticate users, use the up and down arrows to the left of the Enabled methods list.

5.For Attempt next method on authentication rejection, you have the following options:

To enable the SLB device to use all methods, in order of precedence, until it obtains a successful authentication, select the check box. This is the default.

To enable the SLB branch office manager to use only the first authentication method that responds (in case a server is down or unavailable), clear the check box.

6.Click Apply.

Now that you have enabled one or more authentication methods, you must configure them.

Authentication Commands

The following command for the command line interface corresponds to the web page entries described above.

To set ordering of authentication methods:

Note: Local Users authentication is always the first method used. Any methods omitted from the command will be disabled.

set auth <one or more parameters>

Parameters:

authusenextmethod <enabledisable> kerberos <1-6>

ldap <1-6> localusers <1-6> nis <1-6> radius <1-6> tacacs+ <1-6>

To view authentication methods and their order of precedence:

show auth

SLB™ Branch Office Manager User Guide

136

Image 136

Lantronix 900-510 manual Authentication Commands, To set ordering of authentication methods

Contents

SLB Branch Office Manager User Guide Part Number 900-510 Revision C October Technology Drive Irvine, CA 92618, USA Toll Free Phone Fax Lantronix, Inc Corporate HeadquartersTechnical Support May SeptemberOctober Table of Contents Typical Installations IP Address Method #1 Using the Front Panel DisplayCommand Line Interface IP Filter Commands Routing Device Ports Settings Power OutletsTypical Setup Scenarios for the SLB Device NFS and SMB/CIFS Connection Configuration Local and Remote Users Local/Remote User SettingsAudit Log Diagnostics NIS Introduction to Commands Application Examples 206 Accessing the Bootloader Bootload Commands Security Practice Factors Affecting Security206 213 About This Guide Purpose and AudienceChapter Summaries Remaining chapters in this guide include Additional Documentation Operation Features Overview Meets Needs of Branch Offices Typical Equipment BenefitsTypes of Business SLB088411-01 ModelsSLB088412-01 System Features SLB 8 Front Access Control Power Outlet ControlConfiguration Options Protocols Supported Application Example Hardware Features SLB hardware includes the following Serial Connections Device Port Connections Network Connections PC Card Interface Installation What’s in the Box Technical Specifications Product Information Label Physical Installation To install the SLB branch office manager in a rack Connecting to a Device Port Connecting to a Network PortConnecting a Terminal To connect to a device port Connecting to a Power Source Connecting Devices to Power OutletsTo connect a terminal To avoid the possibility of noise due to arcing Connecting Devices to the 8-Port Ethernet Switch Typical InstallationsTo connect devices to the unmanaged Ethernet switch SLB Installation Using the Integrated Ethernet Switch Quick Setup IP AddressMethods of Assigning an IP Address Detector Before You Begin Method #1 Using the Front Panel DisplayFront Panel LCD Display and Pushbuttons To enter setup information Entering the SettingsNavigating Quick Setup Method #2 Quick Setup on the Web Restoring Factory DefaultsTo use the LCD display to restore factory default settings To complete the Quick Setup Network Settings Date & Time Settings Sysadmin Password/ Retype Administrator SettingsTo save your entries, click the Apply button Method #3 Quick Setup on the Command Line Interface To complete the command line interface Quick Setup scriptConfigure Eth1 Enter the following information at the prompts Sysadmin PasswordSpecifying Date/Time Next Step To logout, type logout at the prompt and press Enter Web and Command Line Interfaces Web Interface Port, Switch, and Power Outlet Bar Logout Button Tabs OptionsApply Button Port Number Bar Icons Help Button Logging off LoggingWeb Page Help Command Line Interface To log in to the SLB command line interfaceTo log out of the SLB command line interface Logging out Commands have the following format Command SyntaxActions and Category Options For general command line Help, type Command Line HelpTips General CLI Commands Basic Parameters Requirements Eth1 and Eth2 Settings To enter settings for one or both network ports Settings Eth 1 and/or EthEth 1 and/or Eth2 IPv6 Address Gateway Ethernet Counters Hostname & Name Servers Network Commands IP Filter Viewing IP Filters Configuring IP Filters To enable IP filtersAdministrator can add, edit, delete, and map IP filters Enabling IP Filters Rule Parameters To add an IP filterRuleset Name Example FILTER-2 Deleting an IP Filter Updating an IP FilterMapping a Rule Set IP Filter Commands To map a rule set to a network interfaceTo delete a mapping To set IP filter mapping To configure routing settings RoutingDynamic Routing Static Routing Equivalent Routing Commands To configure static or dynamic routing Services System Logging and Other ServicesTo configure SSH, Telnet, and Logging settings SSH/Telnet/Logging Enter the following settings System Logging Telnet Phone Home Audit LogTo save, click the Apply button Enable Agent Enable Traps Communities Version SNMP, SSH, Telnet, and Logging Commands V3 Read-Only UserV3 Read-Write User Range is 1-500 Kbytes Services To view current services To configure NFS and SMB/CIFS NFS and SMB/CIFS SMB/CIFS Share NFS MountsEnter the following for up to three directories NFS and SMB/CIFS Commands To view NFS share settingsTo mount a remote NFS share To unmount a remote NFS share To view SMB/CIFS settings Secure Lantronix Network Services Services Network Search Secure LantronixManually Entered IP Address List provides a list of IP Date and Time Secure Lantronix Network CommandsTo set the local date, time, and time zone Enable NTP Change To view the local date, time, and time zone Date and Time CommandsSynchronize via To view NTP settings Device Ports Connection Methods Permissions Global Port SettingsDevice Status Telnet/SSH/TCP in Port Numbers To set up Telnet, SSH, and TCP port numberingStarting Telnet Port Global Commands Click the Apply button to save the settingsTo configure a specific port To set limits on direct connections Device Ports Settings To configure settings for all or a group of device portsTo view global settings for device ports To open the Device Ports Settings Device Ports IP Settings To enter device port settings Data Settings Hardware Signal Triggers Modem Settings Modem Settings Text Mode Modem Settings PPP Mode Restart Delay Port Status and Counters To enter SLP commands SLP Login User ID for logging into the SLP power managerPassword for logging into the SLP power manager SLP Status/Info SLP Commands Device Port Sensorsoft Device Device Port Commands To configure a single port or a group of ports Device Ports Device Commands To view the settings for one or more device portsTo view a list of all device port names To view the modes and states of one or more device ports Slp infeedstatus Interacting with a Device PortTo connect to a device port to monitor it  To escape from the connect listen command, press any key Device Ports LoggingLocal Logging Endpoint is one PC Card Logging NFS File LoggingEmail/SNMP Notification Local Logging Sylog LoggingTo set logging parameters Email/SNMP Traps NFS File Logging Logging Commands To configure logging settings for one or more device portsPC Card Logging Syslog Logging To clear the local log for a device port Console PortTo set console port parameters Console Port Commands ConnectingChange the following as desired Click the Apply button to save the changes Power Outlets To configure console port settingsTo view console port settings To configure a power outlet View or enter the following information for each outlet Power Outlet Commands To configure and control power outletsTo view power outlet settings Host Lists Host Parameters Host List Id viewHost List Name Retry Count Escape Sequence To view or update a host list Host List Commands To delete a host list To move a host entry to a new position in the host list To add a new host entry to a list or edit an existing entryTo display the members of a host list To set up PC Card storage in the SLB device PC Cards Storage Settings Enter the following settings for the selected PC CardUnmount Format To enter modem settings for a PC Card Filesystem Enter or view the following State Data Settings D2 &c1 E1 Q0 GSM/GPRS Settings Isdn SettingsGSM Global System for Mobile communication Text Mode PPP Mode IP Settings ServiceTelnet Port Range To view a directory listing of a Compact Flash card To unmount a Compact Flash cardTo format a Compact Flash card To rename a file on a Compact Flash card To configure a currently loaded PC Card modem PC Card Modem CommandsRemoves a file on a Compact Flash card SLB Branch Office Manager User Guide 124 Connections Remote Access Server Typical Setup Scenarios for the SLB DeviceTerminal Server Multiport Device Server Reverse Terminal ServerConsole Server SLB Branch Office Manager User Guide 128 To create a connection Connection ConfigurationData Flow SSH Out Options Trigger Connection Commands To view, update, or disconnect a current connectionWhere SSH flags is one or more of user Login Name To configure initial timeout for outgoing connections To monitor a device port To terminate a bidirectional or unidirectional connection To view connections and their IDsTo display details for a single connection To display global connections User Authentication Example Ldap Lightweight Directory AccessNIS Network Information Authentication Commands To set ordering of authentication methods To set password requirements for local users To enable local and/or remote usersLocal and Remote Users Local/Remote User Settings Local User PasswordsTo add, edit, or delete a user To add a user Enter the following information for the user Listen PortsData Ports Clear Port Access Outlets Enable forAt Login Password Change Users plus Networking , Date/Time , Reboot & Shutdown Full AdministrativeWeb Access Configuration To change the sysadmin password Shortcut To add a user based on an existing userTo edit a local user To delete a local user Local Users Commands To set whether a complex login password is requiredTo enable or disable authentication of local users To set a login password for the local user Local User Rights Commands Remote User CommandsTo view settings for all users or a local user To block lock out a users ability to log Click the User Authentication tab and select the NIS option To view settings for all remote usersTo remove a remote user Enable NIS NIS DomainBroadcast for NIS NIS Master Server Select or clear the checkboxes for the following rights Access OutletsClear Port Buffers NIS Commands Shutdown To view NIS settings To set a default custom menu for NIS usersTo set group and permissions for NIS users Enable Ldap Bind Password Retype PasswordBase Bind Name Selects Reboot & Shutdown Reports Web Access Ldap Commands To set a default custom menu for Ldap usersTo view Ldap settings To set user group and permissions for Ldap users Radius Enable Radius Radius Server #1Server #1 Port 1812 Server #1 Secret SLB Branch Office Manager User Guide 156 Radius Commands To set a default custom menu for Radius users To view Radius settingsKerberos To set user group and permissions for Radius users Enable Kerberos Realm KDC Port KDC IP AddressUse Ldap SLB Branch Office Manager User Guide 161 To set a default custom menu for Kerberos users Kerberos CommandsTo set user group and permissions for Kerberos users To view Kerberos settings TACACS+ TACACS+ Servers Enable TACACS+Secret SLB Branch Office Manager User Guide 165 TACACS+ Commands To set a default custom menu for TACACS+ usersTo view TACACS+ settings SSH Keys Imported Keys Exported Keys Imported Keys SSH Host & User Associated with Key Host & Login for Import Exported Keys SSH Out Host and Login for Export To view, reset, or import SSH RSA1, RSA, And DSA host keysTo view or delete a key Export via Reset to Default View or enter the followingHost Key Import Host Key SSH Commands To import an SSH key To export a key To reset defaults for all or selected host keysTo delete a key Custom User Menu Commands Custom User MenusTo display SSH keys that have been imported To display SSH keys that have been exported To assign a custom user menu to a local or remote user To set the optional title for a menu Example SLB Branch Office Manager User Guide 177 SLB Branch Office Manager User Guide 178 SLB Maintenance Maintenance and OperationTo configure settings General Welcome Banner SLB Firmware Boot Banks Configuration Management To manage configuration files Firmware & Configurations Web Sessions Firmware & Configurations SSL CertificateTo view, reset, import, or change an SSL Certificate To view or terminate current web sessions If desired, enter the following CertificateImport SSL Certificate Filename To set up an SLB iGoogle gadget IGoogle Gadgets Administrative Commands To reboot the SLB deviceTo add welcome, login, and logout banners To prepare the SLB branch office manager to be powered off To enable or disable iGoogle Gadget web content To configure the timeout for web sessionsTo view current timeout and all active web sessions To update SLB firmware to a new revision To view FTP settings To view keypad settingsTo restore the SLB device to factory default settings System Logs SLB Branch Office Manager User Guide 191 Select to Lantronix Tech Support Audit Log System Log CommandTo clear one or all of the system logs Diagnostics Select Diagnostics ARP TableNetstat Host Lookup Send Packet SLB Branch Office Manager User Guide 197 Diagnostic Commands To display a report of network connectionsTo resolve a host name into an IP address To verify that the host is up and running To generate and send Ethernet packets Status/ReportsTo display all network traffic, applying optional filters View Report View Report SLB Branch Office Manager User Guide 201 Status Commands Events There is no default Events Commands Trigger is oneResponse is one Snmp Trap OID To delete an event To update event definitionsTo view events SLB Branch Office Manager Configuration Application Examples Change the baud to 57600 and disable flow control Telnet/SSH to a Remote Device Dial-in Text Mode to a Remote Device Reboot the SUN serverConnect to the device port View messages from the SUN server console Connect to the SUN Unix server using the direct command Connect Local Serial Connection to Network Device via Telnet SLB Branch Office Manager User Guide 211 Command Reference Introduction to Commands Command Reference Administrative Commands Admin banner loginAdmin banner logout Admin banner show Admin config delete Admin config factorydefaultsAdmin config restore Admin config save Admin config show Admin firmware bootbankAdmin firmware copybank Admin firmware show Admin ftp password Admin ftp serverAdmin ftp show Admin keypad Admin lcd reset Admin quicksetupAdmin reboot Admin shutdown Admin web certificate Admin web certificate resetAdmin web certificate show Admin web gadget Audit Log Commands Authentication Commands Kerberos Commands Show authShow user Set kerberos Ldap Commands Displays Kerberos settingsDefault is Show kerberos Local Users Commands Displays Ldap settingsShow ldap Set localusers addedit Set local users complexpasswords Set localusers maxloginattemptsSet localusers allowreuse Set localusers state Set localusers password Set localusers periodlockoutSet localusers periodwarning Set localusers reusehistory NIS Commands Displays NIS settingsSet nis Show nis Radius Commands Displays Radius settingsSet radius Set radius server TACACS+ Commands User Permissions CommandsSet tacacs+ Show tacacs+ Set localusers lock Set localusers unlockSet localusers permissions Set remoteusers addedit Set remoteusers listonlyauth Set remoteusers deleteShow remoteusers Set nisldapradiuskerberostacacs+ group CLI Commands Set cliSet cli terminallines Displays the rights of the currently logged-in user Connection Commands Show cliSet history Show history Connect direct Connect global outgoingtimeout Connect listen deviceportConnect terminate Connect unidirection Console Port Commands Show connectionsShow connections connid Set consoleport Custom User Menu Commands Show consoleportSet localusers Set menu add Date and Time Commands Set menu deleteSet nisldapradiuskerberostacacs+ custommenu Show menu Device Commands Set commandShow datetime Set ntp Device Port Commands Set deviceport port Script that initializes a modem Show deviceport global Set deviceport globalShow deviceport names Diagnostic Commands Diag internals Diag netstatDiag nettrace Diag lookup End Device Commands Xferdatasize Size In Kbytes to Transfer Default is 1 KbyteDisplays system information for the SLP power manager Diag traceroute Events Commands Admin events addAdmin events delete Admin events edit Host List Commands Admin events showSet hostlist addedit Host List Name Set hostlist addedit Host List Name entry Set hostlist delete Show hostlistSet ipfilter state Set ipfilter mapping Logging Commands Sets IP filter rules Network Commands Show locallogSet locallog clear Set network Set network dns Set network gatewaySet network host Set network port NFS and SMB/CIFS Commands Set cifs password Set nfs unmountSet cifs Show cifs PC Card Storage Commands PC Card Modem Commands Pccard modem Power Commands Set power alarmthresholdSet power outlet Example Routing Commands Set power switchingdelayShow power Set routing Services Commands Set services SLB Network Commands Show servicesDisplays current services Set slcnetwork SSH Key Commands Show slcnetworkSet sshkey all export Set sshkey delete Set sshkey server import Set sshkey server resetShow sshkey export Status Commands Show sshkey importShow sshkey server Displays host keys public key only System Log Commands Show sysconfigShow sysstatus Show syslog Show syslog clear Clears one or all of the system logs Bootloader Accessing the BootloaderBootload Commands User Commands Administrator Commands Prints bootloader variablesDisplays information about the current user Sends a ping request to the network host Security Practice Security ConsiderationsFactors Affecting Security Safety Information Safety Precautions Rack FusesPort Connections Adapters and Pinouts RJ45 RJ45 DB25 Female DB9 Male RJ45 DB9 Female Use PN 200.2070A adapter with a PCs serial port Gnd DSR CTS Protocol Glossary PAP Password Authentication Protocol Radius Remote Authentication Dial-In User ServiceNMS Network Management System NTP Network Time Protocol TACACS+ Terminal Access Controller Access Control System Telnet Compliance Information Manufacturer’s Name & AddressProduct Names SLB Branch Office Manager SLB Series FCC Notice U.S. Only Industry Canada Notice Canada Only RoHS Compliance Additional Agency Approvals and Certifications Manufacturer’s Contact RoHS Notice