Tacacs+, To view Kerberos settings | Lantronix 900-510 specs

11: User Authentication

To view Kerberos settings:

show kerberos

TACACS+

Similar to RADIUS, the main function of TACACS+ is to perform authentication for remote access. The SLB branch office manager supports the TACACS+ protocol (not the older TACACS or XTACACS protocols).

The system administrator can configure the SLB device to use TACACS+ to authenticate users attempting to log in using the Web, Telnet, SSH, or the console port.

Users who are authenticated through Kerberos are granted device port access through the port permissions on this page.

All Kerberos users are members of a group that has predefined user rights associated with it. You can add additional user rights that are not defined by the group.

To configure the SLB branch office manager to use TACACS+ to authenticate users:

1. Click the TACACS+ tab and select TACACS+. The following page displays.

SLB™ Branch Office Manager User Guide

163

Page 163

Image 163

Lantronix 900-510 manual Tacacs+, To view Kerberos settings

Contents

Part Number 900-510 Revision C October SLB Branch Office Manager User Guide Technology Drive Irvine, CA 92618, USA Toll Free Phone Fax Lantronix, Inc Corporate HeadquartersTechnical Support May SeptemberOctober Table of Contents IP Filter Commands Routing Typical InstallationsIP Address Method #1 Using the Front Panel Display Command Line Interface NFS and SMB/CIFS Device Ports SettingsPower Outlets Typical Setup Scenarios for the SLB Device NIS Connection ConfigurationLocal and Remote Users Local/Remote User Settings Audit Log Diagnostics Application Examples 206 Introduction to Commands 213 Accessing the Bootloader Bootload CommandsSecurity Practice Factors Affecting Security 206 Remaining chapters in this guide include About This GuidePurpose and Audience Chapter Summaries Operation Additional Documentation Overview Features Meets Needs of Branch Offices Typical Equipment BenefitsTypes of Business SLB088411-01 ModelsSLB088412-01 SLB 8 Front System Features Protocols Supported Access ControlPower Outlet Control Configuration Options Application Example SLB hardware includes the following Hardware Features Device Port Connections Serial Connections PC Card Interface Network Connections What’s in the Box Installation Product Information Label Technical Specifications To install the SLB branch office manager in a rack Physical Installation To connect to a device port Connecting to a Device PortConnecting to a Network Port Connecting a Terminal To avoid the possibility of noise due to arcing Connecting to a Power SourceConnecting Devices to Power Outlets To connect a terminal Connecting Devices to the 8-Port Ethernet Switch Typical InstallationsTo connect devices to the unmanaged Ethernet switch SLB Installation Using the Integrated Ethernet Switch Detector Quick SetupIP Address Methods of Assigning an IP Address Before You Begin Method #1 Using the Front Panel DisplayFront Panel LCD Display and Pushbuttons To enter setup information Entering the SettingsNavigating Quick Setup To complete the Quick Setup Method #2 Quick Setup on the WebRestoring Factory Defaults To use the LCD display to restore factory default settings Network Settings Date & Time Settings Sysadmin Password/ Retype Administrator SettingsTo save your entries, click the Apply button Enter the following information at the prompts Method #3 Quick Setup on the Command Line InterfaceTo complete the command line interface Quick Setup script Configure Eth1 Date/Time SysadminPassword Specifying To logout, type logout at the prompt and press Enter Next Step Web Interface Web and Command Line Interfaces Port Number Bar Icons Help Button Port, Switch, and Power Outlet BarLogout Button Tabs Options Apply Button Logging off LoggingWeb Page Help Logging out Command Line InterfaceTo log in to the SLB command line interface To log out of the SLB command line interface Commands have the following format Command SyntaxActions and Category Options For general command line Help, type Command Line HelpTips General CLI Commands Requirements Basic Parameters To enter settings for one or both network ports Eth1 and Eth2 Settings IPv6 Address SettingsEth 1 and/or Eth Eth 1 and/or Eth2 Gateway Hostname & Name Servers Ethernet Counters Network Commands Viewing IP Filters IP Filter Enabling IP Filters Configuring IP FiltersTo enable IP filters Administrator can add, edit, delete, and map IP filters Example FILTER-2 Rule ParametersTo add an IP filter Ruleset Name Deleting an IP Filter Updating an IP FilterMapping a Rule Set To set IP filter mapping IP Filter CommandsTo map a rule set to a network interface To delete a mapping Static Routing To configure routing settingsRouting Dynamic Routing To configure static or dynamic routing Equivalent Routing Commands SSH/Telnet/Logging ServicesSystem Logging and Other Services To configure SSH, Telnet, and Logging settings System Logging Enter the following settings Telnet Phone Home Audit LogTo save, click the Apply button Enable Traps Enable Agent Version Communities Range is 1-500 Kbytes SNMP, SSH, Telnet, and Logging CommandsV3 Read-Only User V3 Read-Write User Services To view current services NFS and SMB/CIFS To configure NFS and SMB/CIFS SMB/CIFS Share NFS MountsEnter the following for up to three directories To unmount a remote NFS share NFS and SMB/CIFS CommandsTo view NFS share settings To mount a remote NFS share Secure Lantronix Network To view SMB/CIFS settings Services Services Network Search Secure LantronixManually Entered IP Address List provides a list of IP Date and Time Secure Lantronix Network CommandsTo set the local date, time, and time zone Change Enable NTP To view the local date, time, and time zone Date and Time CommandsSynchronize via To view NTP settings Connection Methods Device Ports Permissions Global Port SettingsDevice Status Telnet/SSH/TCP in Port Numbers To set up Telnet, SSH, and TCP port numberingStarting Telnet Port To set limits on direct connections Global CommandsClick the Apply button to save the settings To configure a specific port To open the Device Ports Settings Device Ports SettingsTo configure settings for all or a group of device ports To view global settings for device ports Device Ports To enter device port settings IP Settings Data Settings Modem Settings Hardware Signal Triggers Modem Settings Text Mode Modem Settings PPP Mode Port Status and Counters Restart Delay SLP Status/Info To enter SLP commandsSLP Login User ID for logging into the SLP power manager Password for logging into the SLP power manager Device Port Sensorsoft Device SLP Commands To configure a single port or a group of ports Device Port Commands Device Ports To view the modes and states of one or more device ports Device CommandsTo view the settings for one or more device ports To view a list of all device port names Slp infeedstatus Interacting with a Device PortTo connect to a device port to monitor it Endpoint is one  To escape from the connect listen command, press any keyDevice Ports Logging Local Logging PC Card Logging NFS File LoggingEmail/SNMP Notification Local Logging Sylog LoggingTo set logging parameters Email/SNMP Traps NFS File Logging Syslog Logging Logging CommandsTo configure logging settings for one or more device ports PC Card Logging To clear the local log for a device port Console PortTo set console port parameters Click the Apply button to save the changes Console Port CommandsConnecting Change the following as desired To configure a power outlet Power OutletsTo configure console port settings To view console port settings View or enter the following information for each outlet Host Lists Power Outlet CommandsTo configure and control power outlets To view power outlet settings Retry Count Host ParametersHost List Id view Host List Name Escape Sequence To view or update a host list To delete a host list Host List Commands To move a host entry to a new position in the host list To add a new host entry to a list or edit an existing entryTo display the members of a host list PC Cards To set up PC Card storage in the SLB device Format Storage SettingsEnter the following settings for the selected PC Card Unmount Filesystem To enter modem settings for a PC Card State Enter or view the following D2 &c1 E1 Q0 Data Settings GSM/GPRS Settings Isdn SettingsGSM Global System for Mobile communication PPP Mode Text Mode Range IP SettingsService Telnet Port To rename a file on a Compact Flash card To view a directory listing of a Compact Flash cardTo unmount a Compact Flash card To format a Compact Flash card To configure a currently loaded PC Card modem PC Card Modem CommandsRemoves a file on a Compact Flash card SLB Branch Office Manager User Guide 124 Connections Remote Access Server Typical Setup Scenarios for the SLB DeviceTerminal Server Multiport Device Server Reverse Terminal ServerConsole Server SLB Branch Office Manager User Guide 128 To create a connection Connection ConfigurationData Flow Trigger SSH Out Options To configure initial timeout for outgoing connections Connection CommandsTo view, update, or disconnect a current connection Where SSH flags is one or more of user Login Name To monitor a device port To display global connections To terminate a bidirectional or unidirectional connectionTo view connections and their IDs To display details for a single connection Example User Authentication Information Ldap LightweightDirectory Access NIS Network To set ordering of authentication methods Authentication Commands To set password requirements for local users To enable local and/or remote usersLocal and Remote Users To add a user Local/Remote User SettingsLocal User Passwords To add, edit, or delete a user Clear Port Enter the following information for the userListen Ports Data Ports Password Change AccessOutlets Enable for At Login Configuration Users plus Networking , Date/Time , Reboot & ShutdownFull Administrative Web Access To delete a local user To change the sysadmin passwordShortcut To add a user based on an existing user To edit a local user To set a login password for the local user Local Users CommandsTo set whether a complex login password is required To enable or disable authentication of local users To block lock out a users ability to log Local User Rights CommandsRemote User Commands To view settings for all users or a local user Click the User Authentication tab and select the NIS option To view settings for all remote usersTo remove a remote user NIS Master Server Enable NISNIS Domain Broadcast for NIS Select or clear the checkboxes for the following rights Access OutletsClear Port Buffers Shutdown NIS Commands To view NIS settings To set a default custom menu for NIS usersTo set group and permissions for NIS users Enable Ldap Bind Name Bind PasswordRetype Password Base Reports Web Access Selects Reboot & Shutdown To set user group and permissions for Ldap users Ldap CommandsTo set a default custom menu for Ldap users To view Ldap settings Radius 1812 Server #1 Secret Enable RadiusRadius Server #1 Server #1 Port SLB Branch Office Manager User Guide 156 Radius Commands To set user group and permissions for Radius users To set a default custom menu for Radius usersTo view Radius settings Kerberos Realm Enable Kerberos KDC Port KDC IP AddressUse Ldap SLB Branch Office Manager User Guide 161 To set a default custom menu for Kerberos users Kerberos CommandsTo set user group and permissions for Kerberos users TACACS+ To view Kerberos settings TACACS+ Servers Enable TACACS+Secret SLB Branch Office Manager User Guide 165 SSH Keys TACACS+ CommandsTo set a default custom menu for TACACS+ users To view TACACS+ settings Exported Keys Imported Keys Host & User Associated with Key Imported Keys SSH Exported Keys SSH Out Host & Login for Import Export via Host and Login for ExportTo view, reset, or import SSH RSA1, RSA, And DSA host keys To view or delete a key Import Host Key Reset to DefaultView or enter the following Host Key To import an SSH key SSH Commands To export a key To reset defaults for all or selected host keysTo delete a key To display SSH keys that have been exported Custom User Menu CommandsCustom User Menus To display SSH keys that have been imported To set the optional title for a menu To assign a custom user menu to a local or remote user Example SLB Branch Office Manager User Guide 177 SLB Branch Office Manager User Guide 178 SLB Maintenance Maintenance and OperationTo configure settings Welcome Banner General SLB Firmware Configuration Management Boot Banks To manage configuration files To view or terminate current web sessions Firmware & Configurations Web SessionsFirmware & Configurations SSL Certificate To view, reset, import, or change an SSL Certificate Certificate Filename If desired, enter the followingCertificate Import SSL IGoogle Gadgets To set up an SLB iGoogle gadget To prepare the SLB branch office manager to be powered off Administrative CommandsTo reboot the SLB device To add welcome, login, and logout banners To update SLB firmware to a new revision To enable or disable iGoogle Gadget web contentTo configure the timeout for web sessions To view current timeout and all active web sessions To view FTP settings To view keypad settingsTo restore the SLB device to factory default settings System Logs SLB Branch Office Manager User Guide 191 Select to Lantronix Tech Support Audit Log System Log CommandTo clear one or all of the system logs Diagnostics Host Lookup Select DiagnosticsARP Table Netstat Send Packet SLB Branch Office Manager User Guide 197 To verify that the host is up and running Diagnostic CommandsTo display a report of network connections To resolve a host name into an IP address To generate and send Ethernet packets Status/ReportsTo display all network traffic, applying optional filters View Report View Report SLB Branch Office Manager User Guide 201 Events Status Commands There is no default Snmp Trap OID Events CommandsTrigger is one Response is one To delete an event To update event definitionsTo view events Application Examples SLB Branch Office Manager Configuration Telnet/SSH to a Remote Device Change the baud to 57600 and disable flow control View messages from the SUN server console Dial-in Text Mode to a Remote DeviceReboot the SUN server Connect to the device port Connect Connect to the SUN Unix server using the direct command Local Serial Connection to Network Device via Telnet SLB Branch Office Manager User Guide 211 Introduction to Commands Command Reference Command Reference Admin banner show Administrative CommandsAdmin banner login Admin banner logout Admin config save Admin config deleteAdmin config factorydefaults Admin config restore Admin firmware show Admin config showAdmin firmware bootbank Admin firmware copybank Admin keypad Admin ftp passwordAdmin ftp server Admin ftp show Admin shutdown Admin lcd resetAdmin quicksetup Admin reboot Admin web gadget Admin web certificateAdmin web certificate reset Admin web certificate show Authentication Commands Audit Log Commands Set kerberos Kerberos CommandsShow auth Show user Show kerberos Ldap CommandsDisplays Kerberos settings Default is Set localusers addedit Local Users CommandsDisplays Ldap settings Show ldap Set localusers state Set local users complexpasswordsSet localusers maxloginattempts Set localusers allowreuse Set localusers reusehistory Set localusers passwordSet localusers periodlockout Set localusers periodwarning Show nis NIS CommandsDisplays NIS settings Set nis Set radius server Radius CommandsDisplays Radius settings Set radius Show tacacs+ TACACS+ CommandsUser Permissions Commands Set tacacs+ Set remoteusers addedit Set localusers lockSet localusers unlock Set localusers permissions Set nisldapradiuskerberostacacs+ group Set remoteusers listonlyauthSet remoteusers delete Show remoteusers Displays the rights of the currently logged-in user CLI CommandsSet cli Set cli terminallines Show history Connection CommandsShow cli Set history Connect direct Connect unidirection Connect global outgoingtimeoutConnect listen deviceport Connect terminate Set consoleport Console Port CommandsShow connections Show connections connid Set menu add Custom User Menu CommandsShow consoleport Set localusers Show menu Date and Time CommandsSet menu delete Set nisldapradiuskerberostacacs+ custommenu Set ntp Device CommandsSet command Show datetime Set deviceport port Device Port Commands Script that initializes a modem Show deviceport global Set deviceport globalShow deviceport names Diagnostic Commands Diag lookup Diag internalsDiag netstat Diag nettrace Diag traceroute End Device CommandsXferdatasize Size In Kbytes to Transfer Default is 1 Kbyte Displays system information for the SLP power manager Admin events edit Events CommandsAdmin events add Admin events delete Set hostlist addedit Host List Name entry Host List CommandsAdmin events show Set hostlist addedit Host List Name Set ipfilter mapping Set hostlist deleteShow hostlist Set ipfilter state Sets IP filter rules Logging Commands Set network Network CommandsShow locallog Set locallog clear Set network port Set network dnsSet network gateway Set network host NFS and SMB/CIFS Commands Show cifs Set cifs passwordSet nfs unmount Set cifs PC Card Storage Commands Pccard modem PC Card Modem Commands Example Power CommandsSet power alarmthreshold Set power outlet Set routing Routing CommandsSet power switchingdelay Show power Set services Services Commands Set slcnetwork SLB Network CommandsShow services Displays current services Set sshkey delete SSH Key CommandsShow slcnetwork Set sshkey all export Set sshkey server import Set sshkey server resetShow sshkey export Displays host keys public key only Status CommandsShow sshkey import Show sshkey server Show syslog System Log CommandsShow sysconfig Show sysstatus Clears one or all of the system logs Show syslog clear User Commands BootloaderAccessing the Bootloader Bootload Commands Sends a ping request to the network host Administrator CommandsPrints bootloader variables Displays information about the current user Security Practice Security ConsiderationsFactors Affecting Security Safety Precautions Safety Information Rack FusesPort Connections Adapters and Pinouts RJ45 RJ45 DB25 Female DB9 Male Use PN 200.2070A adapter with a PCs serial port RJ45 DB9 Female DSR CTS Gnd Protocol Glossary NTP Network Time Protocol PAP Password Authentication ProtocolRadius Remote Authentication Dial-In User Service NMS Network Management System Telnet TACACS+ Terminal Access Controller Access Control System FCC Notice U.S. Only Industry Canada Notice Canada Only Compliance InformationManufacturer’s Name & Address Product Names SLB Branch Office Manager SLB Series Additional Agency Approvals and Certifications RoHS Compliance RoHS Notice Manufacturer’s Contact