Authentication Commands, Show auth | Lantronix SLC 8000 instruction

		11: User Authentication

	TACACS+	TACACS+ allows a remote access server to communicate with an
	(Terminal Access	authentication server to determine whether the user has access to the
	(Terminal Access	network. TACACS+ is a completely new protocol and is not compatible with
	Controller Access Control
	System)	TACACS or XTACACS. The SLC 8000 advanced console manager
	System)	supports TACACS+ only.
		supports TACACS+ only.

	Local Users	Local accounts on the SLC unit used to authenticate users who log in using
		SSH, Telnet, the web, or the console port.

3.To disable a method currently in the Enabled methods list, select the method and click the right arrow between the lists.

4.To set the order in which the SLC unit will authenticate users, use the up and down arrows to the left of the Enabled methods list.

5.For Attempt next method on authentication rejection, you have the following options:

-To enable the SLC 8000 advanced console manager to use all methods, in order of precedence, until it obtains a successful authentication, select the check box. This is the default.

-To enable the SLC unit to use only the first authentication method that responds (in case a server is down or unavailable), clear the check box.

6.Click Apply.

Now that you have enabled one or more authentication methods, you must configure them.

Authentication Commands

The following command for the command line interface corresponds to the web page entries described above.

To set ordering of authentication methods:

Note: Local Users authentication is always the first method used. Any methods omitted from the command will be disabled.

set auth <one or more parameters>

Parameters

authusenextmethod <enabledisable> kerberos <1-6>

ldap <1-6> localusers <1-6> nis <1-6> radius <1-6> tacacs+ <1-6>

To view authentication methods and their order of precedence:

show auth

SLC™ 8000 Advanced Console Manager User Guide

176

Image 176

Lantronix SLC 8000 Authentication Commands, To set ordering of authentication methods, Set auth one or more parameters

Contents

SLC Advanced Console Manager User Guide Warranty Copyright & TrademarkOpen Source Software Contacts Disclaimer & Revisions Revision History Table of Contents Basic Parameters Quick SetupWeb and Command Line Interfaces Services Device Ports 100 USB/SD Card Port 157 Connections 166 User Authentication 174 Maintenance 227 Command Reference 260 Application Examples 255 Appendix B Safety Information 329 Appendix a Security Considerations 328 SLC 8000 Advanced Console Manager User Guide List of Tables List of Figures SLC 8048 Unit Front Side Part Number SLC 804812N-01-S 13 SSL Certificate97 13User Authentication Custom Menus Summary of Chapters About this GuidePurpose and Audience Additional Documentation About this Guide Features PowerIntroduction Console Management System Features Models Access Control Protocols Supported Device Port Buffer Hardware FeaturesConfiguration Options Serial Port Interfaces Device Ports Back Side Network Connections Network Connection USB Interface Memory Card Port Internal Modem Internal Modem Location Installation Power CordsWhats in the Box Product Information Label Technical Specifications Physical Installation Connecting to a Device PortTo install the SLC 8000 advanced console manager in a rack To connect to a device port Console Port and Device Port DTE Reverse Pinout Disabled Modular Expansion for I/O Module Connecting to Network PortsConnecting Terminals AC Input To connect a terminal Modem Installation Modem Servicing Instructions Installation Battery Replacement Battery Part Numbers Disposal of Used Batteries from battery data sheet Battery Replacement Instructions Short the Battery and Damage the Battery Housing Installation IP Address Quick SetupRecommendations Method #1 Using the Front Panel Display Front Panel LCD Display and KeypadsNavigating Before you begin, ensure that you have Right arrow Left arrowEnter center button Up and down arrows Entering the Settings Method #2 Quick Setup on the Web Restoring Factory DefaultsTo use the LCD display to restore factory default settings To complete the Quick Setup Quick Setup Network Settings Date & Time Settings To complete the command line interface Quick Setup script Method #3 Quick Setup on the Command Line InterfaceAdministrator Settings Specifying Config Eth1IP Address if Date/Time SysadminPassword Next Step Web and Command Line Interfaces Web Manager  Port Number Bar Logging To log in to the SLC web manager Web Page Help Command Line InterfaceLogging Out Command Syntax Command Line HelpTips To log in any other user General CLI Commands To configure the current command line sessionTo set the number of lines displayed by a command To show current CLI settings To view the rights of the currently logged-in user To view the last 100 commands entered in the sessionTo clear the command history Basic Parameters Requirements To enter settings for one or both network ports Network Network Settings 1234BCD1D678375BADD57 Ethernet Interfaces Eth1 and Eth212340BCD1D67000000008375BADD0057 may be shortened to Gateway Hostname & Name Servers Network Commands DNS ServersDHCP-Acquired DNS Servers TCP Keepalive Parameters To set the default and alternate network gateways To view all network settingsTo view Ethernet port settings and counters To view DNS settings IP Filter Viewing IP FiltersMapping Rulesets To view a list of IP filters Configuring IP Filters To enable IP filtersEnabling IP Filters To delete a mapping Rule Parameters Ruleset NameIP Addresses Protocol Allow service Port RangeAction Generate rule to Deleting an IP Filter IP Filter CommandsUpdating an IP Filter To configure routing settings RoutingDynamic Routing Replace Rule Number delete Rule Number Equivalent Routing Commands To configure static or dynamic routingShow routing resolveip enabledisable email Email Address Static Routing Enable VPN Tunnel To complete the VPNName Ethernet Port Authentication IKE Authentication ESPRemote Id Remote Hop/Router Configuring an IPsec VPN Tunnel through the CLI Security To enable Fips To disable Fips Services System Logging and Other Services SSH/Telnet/Logging System Logging Audit Log Phone Home Web SSH/Web Telnet SettingsTelnet Enable Agent Top Level MIB Communities Version SNMP, SSH, Telnet, and Logging Commands Set services one or more services parametersV3 Read-Only User V3 Read-Write User Set services v3passwordv3phrasev3rwpasswordv3rwphrase To view current servicesShow services To configure NFS and SMB/CIFS SMB/CIFS Share Nfsserverhostname or ipaddr/exported/path NFS and SMB/CIFS Commands To view NFS share settingsTo mount a remote NFS share To unmount a remote NFS share Show cifs To view SMB/CIFS settingsSecure Lantronix Network Services Secure Lantronix Network To directly access the CLI interface for a device IP Address Login To directly access a specific port on a particular device SSH or Telnet CLI Session Secure Lantronix Network Commands Set s one or more parametersAdd IP Address delete IP Address Secure Lantronix Date and Time Search localsubnetipaddrlistbothShow slcnetwork ipaddrlist allAddress Mask To set the local date, time, and time zone 10 Services Date & Time Enable NTP Date and Time Commands To view the local date, time, and time zone To view NTP settings To configure the Web ServerWeb Server Show ntp Admin Web Commands To configure the timeout for web sessionsAdmin web timeout disable5-120 minutes Admin web protocol sslv2nosslv2 Services Web Sessions Services SSL Certificate To view, reset, import, or change an SSL Certificate Reset to Default LoginCertificate Import SSL Certificate Web Server Commands To set up an SLC iGoogle gadgetPassword / Retype Password IGoogle Gadgets 14 iGoogle Gadget Example Permissions Device PortsConnection Methods Modules Device Ports Device Status Devices Device Status Device Ports Devices Device Ports Global Commands Telnet/SSH/TCP in Port Numbers Device Ports Settings To view global settings for device portsTo open the Device Ports Settings Sshport TCP Port tcpport TCP Port telnetport TCP Port SLC 8000 Advanced Console Manager User Guide 106 Device Port Settings IP Settings Data Settings Hardware Signal Triggers Modem Settings Device Ports AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 Modem Settings Text ModeModem Settings PPP Mode Same authentication for DOD AuthenticationEnable NAT Remote/Dial-out Login To open the Device Ports SLP Port Status and CountersDevice Ports SLP / ServerTech CDU Device To enter SLP commands Number of OutletsNumber of Expansion Outlets Device Port Sensorsoft Device Devices Device Ports Sensorsoft Device Port Commands Show deviceport port Device Port List or Name To set the dialout passwordTo view the settings for one or more device ports Device Commands To view a list of all device port namesTo view the modes and states of one or more device ports To zero the port counters for one or more device ports Interacting with a Device Port To connect to a device port to monitor it Device Ports Logging Local LoggingNFS File Logging Connect direct endpoint USB and SD Card Logging Email/SNMP NotificationSylog Logging Device Port NumberDevice Port NameFile number.log Email/Traps Email/TrapsLocal Logging Email Delay SendTrigger on Byte Threshold Syslog Logging Log Viewing AttributesUSB / SD Card Logging Logging Commands To configure logging settings for one or more device portsShow locallog Device Port # or Name bytes Bytes To Display To clear the local log for a device port Console Port To set console port parameters Internal Modem Settings Console Port CommandsTo configure console port settings To view console port settings Setting Up Internal Modem Storage SLC 8000 Advanced Console Manager User Guide 128 AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 Password/ Retype Host ListsTo add a host list Chap Handshake To retry connecting to the host list Host Parameters Escape Sequence To view or update a host list Retry connecting to the host list To add a new host entry to a list or edit an existing entry Host List CommandsTo delete a host list Scripts To move a host entry to a new position in the host listTo display the members of a host list To add a script SLC 8000 Advanced Console Manager User Guide 136 Type ScriptsScript Name To view or update a script SD Card Right to view and enter settings for SD cardUser Rights Group Batch Script Syntax To rename a scriptTo delete a script To change the permissions for a script Set myvar expr 1 + Senduser PasswordInterface Script Syntax Primary Commands Secondary Commands String compare str 1 str Compare two stringsString match str 1 str Determine if two strings are equal Control Flow Commands 19 Control Flow Commands Sample Scripts Interface Script-Monitor Port SLC 8000 Advanced Console Manager User Guide 146 Batch Script-SLC CLI SLC 8000 Advanced Console Manager User Guide 148 Sites To add a siteSite Id Site Name Login/CHAP Host Dial-out LoginDial-out Password Chap Secret To view or update a site To delete a siteTo create or edit a site Set site addedit Site Name parameters Set site delete Site Name show site allnamesSite Name Modem Dialing StatesDial Dial-back Dial-on-demand Dial-in & Dial-on-demand Dial-back & Dial-on-demand Cbcp Server SLC 8000 Advanced Console Manager User Guide 156 Set Up of USB/SD Card Storage USB/SD Card Port Click Configure Unmount FormatFilesystem Filesystem Check To configure the USB Modem port, from the USB Ports table Devices USB Modem Modem Settings Text Mode PPP Mode Remote/Dial-out Pwd Manage Files USB Commands SD Card Commands Terminal Server Typical Setup Scenarios for the SLC UnitConnections Remote Access Server Reverse Terminal Server Multiport Device Server Console Server Connection Configuration To create a connectionOutgoing Connection To view, update, or disconnect a current connection SSH OutOptions Trigger To monitor a device port Connection CommandsTo configure initial timeout for outgoing connections To display details for a single connection To terminate a bidirectional or unidirectional connectionTo view connections and their IDs To display global connections Connect global show User Authentication Ldap User Authentication Authentication Methods Kerberos Authentication Commands To set ordering of authentication methodsSet auth one or more parameters Show auth User Rights User Types and Rights Local and Remote User Settings To enable local and/or remote users Adding, Editing or Deleting a User To add a user Clear Port Buffers Listen PortsData Ports Enable for Dial-back Display Menu at LoginPassword Expires Allow Password Change SD Card Right to enter settings for SD card Select or clear the checkboxes for the following rights Local Users Commands Shortcut Local User Rights Commands Remote User Commands To view settings for all remote users To configure the SLC unit to use NIS to authenticate users User Authentication NIS Enable NIS NIS DomainBroadcast for NIS NIS Master Server SLC 8000 Advanced Console Manager User Guide 188 To set group and permissions for NIS users NIS CommandsTo view NIS settings To configure the SLC unit to use Ldap to authenticate users Ldap User Authentication Ldap Enable Ldap Uid=$login,ou=People,dc=lantronix,dc=com, and user roberts Uid=roberts,ou=People,dc=lantronix,dc=com and the password Private key in base64 encoding Certificate in base64 encodingKey File is in PEM format, eg Ldap Commands Adsupport enabledisableRight to enter modem settings for USB Set ldap one or more parameters To set the Ldap bind password To view Ldap settingsTo set user group and permissions for Ldap users To import or delete a certificate Radius Tcp, or udp Listen Port Radius Commands To set user group and permissions for Radius users To view Radius settings Show radius Kerberos END-VENDOR Lantronix KDC IP Address Enable KerberosRealm Use Ldap Full AdministrativeKDC Port Kerberos Commands Set kerberos group defaultpoweradminSet kerberos one or more parameters To set user group and permissions for Kerberos users To view Kerberos settings Set kerberos permissions Permission ListSet kerberos custommenu Menu Name Show kerberos Secret Enable TACACS+TACACS+ Servers SLC 8000 Advanced Console Manager User Guide 207 TACACS+ Commands Set tacacs+ group defaultpoweradminSet tacacs+ one or more parameters To set user group and permissions for TACACS+ users To view TACACS+ settings To configure Groups in the SLC unitGroups Set tacacs+ custommenu Menu Name 10 User Authentication Groups Group Name Dial-back Enable forDeviceport, tcp, or udp SSH Keys Imported Keys Exported Keys SLC 8000 Advanced Console Manager User Guide 214 Host & Login for Import Imported Keys SSHExported Keys SSH Out Host & User Associated with Key Host and Login for Export To view, reset, or import SSH RSA1, RSA, And DSA host keysTo view or delete a key Key Name Import Host Key Reset to Default HostKey SSH Commands To import an SSH keySet sshkey import ftpscpcopypaste one or more parameters To export a key To reset defaults for all or selected host keys To delete a keyTo display SSH keys that have been imported To display SSH keys that have been exported Custom Menus To add a custom menu SLC 8000 Advanced Console Manager User Guide 221 Menu Name TitleNicknames Redisplay Menu Custom User Menu Commands To view or update a custom menuTo delete a custom menu To create a new custom menu from an existing custom menu To set the optional title for a menu SLC 8000 Advanced Console Manager User Guide 225 SLC 8000 Advanced Console Manager User Guide 226 Maintenance Firmware & Configurations To configure settings Maintenance Firmware & Configurations SLC Firmware Internal TemperatureSite Information Boot Banks Load Firmware Via Options Configuration Management Administrative Commands To reboot the SLC 8000 advanced console managerAdmin shutdown Manage Files To update SLC firmware to a new revision To view FTP settingsTo restore the SLC unit to factory default settings To list current hardware and firmware information To rename a saved configuration To delete a saved configurationTo list the configurations saved to a location Set temperature one or more parameters System Logs To view system logsLevel Starting at Ending at System Log CommandTo clear system logs Audit Log To clear one or all of the system logs SLC 8000 Advanced Console Manager User Guide 238 Maintenance Email Log Email Log Diagnostics ARP TableNetstat Host Lookup Diagnostic Commands Diag arp email Email Address To display a report of network connections To resolve a host name into an IP addressTo verify that the host is up and running To generate and send Ethernet packets Default is To display all network traffic, applying optional filtersDiag nettrace one or more parameters Parameters ethport Maintenance Status/Reports Status/Reports Serial port settings View ReportAll Displays all reports Port Status Devices Host Lists Status Commands To display a snapshot of configurable parametersEmailing Logs and Reports To display the overall status of all SLC units To email a log to an individual 11 Emailed Log or Report SLC 8000 Advanced Console Manager User Guide 248 Ethernet EventsEvent Trigger Events Commands To update event definitions To configure the LCD and KeypadLCD/Keypad To delete an event Keypad Locked To configure the LCDTo configure the Keypad LCD/Keypad Commands To configure banner settingsRestore Factory Defaults Password / Retype Password Banners Banner Commands Login BannerWelcome Banner Logout Banner SLC show deviceport port Application ExamplesTelnet/SSH to a Remote Device Reboot Shutdown messages from SUN SLC connect direct deviceport Dial-in Text Mode to a Remote Device Dial-in Text Mode to a Remote Device Local Serial Connection to Network Device via Telnet Local Serial Connection to Network Device via Telnet Trying Connected to Escape character is Sun OS 8.0 login Command Reference Introduction to Commands For general command line Help, type Administrative Commands Admin banner loginAdmin banner logout Admin banner show Admin banner ssh Admin banner welcomeAdmin config delete Admin config factorydefaults Admin config restore Admin config save Admin config show Admin firmware bootbankAdmin firmware show Admin firmware update Admin ftp password Admin ftp serverAdmin ftp show Admin keypad Admin keypad show Admin lcd resetAdmin memory show Admin memory swap add Size of Swap in MB usbport U1U1 Admin quicksetup Admin rebootAdmin shutdown Admin site Admin version Admin web certificateAdmin web certificate reset Admin web certificate show Admin web group Admin web timeoutAdmin web terminate Admin web show Audit Log Commands Authentication Commands Set authShow auth Show user Kerberos Commands Displays Kerberos settingsSet kerberos Show kerberos Set ldap Ldap CommandsSet ldap bindpassword Local Users Commands Set localusers addedit User Login one or more parametersSet ldap certificate importdelete Show ldap Set local users complexpasswords Set localusers allowreuseSet localusers state Set localusers delete Set localusers maxloginattempts Set localusers passwordSet localusers periodlockout Set localusers periodwarning Set nis NIS CommandsShow localusers Radius Commands Displays NIS settingsShow nis Set radius TACACS+ Commands Displays Radius settingsSet radius server Show radius User Permissions Commands Show tacacs+Set localusers group Set localusers lock Set remoteusers listonlyauth Set localusers permissionsSet remoteusers addedit Set remoteusers delete Show remoteusersSet nisldapradiuskerberostacacs+ group Set nisldapradiuskerberostacacs+ permissions Set cli terminallines CLI CommandsSet cli Connection Commands Show cliSet history Show history Connect global outgoingtimeout Connect direct Connect unidirection Connect listen deviceportConnect terminate Set consoleport Show connectionsShow connections connid Custom User Menu Commands Show consoleportSet localusers Set menu add Set menu delete Set nisldapradiuskerberostacacs+ custommenuShow menu Set nisldapradiuskerberostacacs custommenu Menu Name Date and Time Commands Set datetimeShow datetime Set ntp Show ntp Device CommandsSet command Device Port Commands Set deviceport port SLC 8000 Advanced Console Manager User Guide 294 Set deviceport global Show deviceport globalShow deviceport names Sshport TCP Port telnetport TCP Port tcpport TCP Port Show deviceport port Show portcountersShow portcounters zerocounters Show portstatus Diagnostic Commands Diag arpDiag internals Diag netstat Diag lookup Diag loopbackDiag perfstat Diag pingping6 Count=1, delay = 5 seconds Diag sendpacket hostDiag top Diag traceroute End Device Commands Slp auth loginSlp envmon Slp outletcontrol state Events Commands Admin events addSlp restart Slp system Group Commands Admin events deleteAdmin events edit Admin events show Host List Commands Set hostlist addedit Host List NameSet hostlist addedit Host List Name entry Set groups rename Group Name newname New Group Name Show hostlist Set hostlist edit Host List Name moveSet hostlist delete Set ipfilter mapping Internal Modem CommandsSet ipfilter state Logging Commands Set ip filter rules Example Show locallogSet locallog clear Set log clear modem Set log modem ppplog enabledisableSet log modem pppdebug enabledisable Network Commands Show log localSet network Set network dns Configures up to three DNS servers Set network gatewaySet network host Set network port Displays all network settings Show network gatewayShow network host Show network port NFS and SMB/CIFS Commands Set nfs mountSet nfs unmount Set cifs Routing Commands Set cifs passwordShow cifs Show nfs Show routing Security Commands Services Commands Show services SLC Network Commands SSH Key CommandsSet slcnetwork Show slcnetwork Set sshkey delete Set sshkey exportSet sshkey import Set sshkey import Set sshkey server reset Set sshkey server import typeShow sshkey export Show sshkey import Status Commands Show sshkey server System Log Commands Show sysconfigShow sysstatus Show syslog USB Access Commands USB Storage CommandsSet usb access Show syslog clear Set usb storage fsck Set usb storage formatSet usb storage mount Set usb storage unmount USB Modem Commands Set usb storage copySet usb storage delete Show usb storage VPN Commands Set usb modem U1U2 dialoutpasswordSet vpn Show usb modem Show vpn Set temperature Show temperatureSet temperature Show vpn rsakey Factors Affecting Security Appendix a Security ConsiderationsSecurity Practice Appendix B Safety Information Safety Precautions Rack Port Connections Appendix C Adapters and Pinouts Appendix C Adapters and Pinouts SLC 8000 Advanced Console Manager User Guide 333 Appendix D Protocol Glossary PAP Password Authentication Protocol Radius Remote Authentication Dial-In User ServiceTACACS+ Terminal Access Controller Access Control System NTP Network Time Protocol Appendix E Compliance Information Manufacturer’s Name & Address Appendix E Compliance Information RoHS Notice