242Chapter 6 Configuring authentication

To configure the current authentication scheme to retrieve user group information from a different authentication scheme, use the following command:

/cfg/domain 1/aaa/auth #/adv

The Advanced menu displays.

The Advanced menu includes the following options:

/cfg/domain 1/aaa/auth #/adv followed by:

groupauth <auth IDs>

Specifies one or more preconfigured LDAP or Local

 

database authentication schemes (not including the

 

current one) that will be used to retrieve the user’s

 

group information after the user has been

 

authenticated.

 

To specify more than one authentication method to use

 

for authorization, enter the auth IDs separated by a

 

comma (,).

 

 

secondauth <auth ID>

Specifies a second authentication service to be used

 

after the first one succeeds. The feature supports

 

single sign-on to backend servers in cases where the

 

first authentication method is token based or uses

 

client certificate authentication.

 

Note: Not supported in Nortel Secure Network Access

 

Switch Software Release 1.0.

 

 

Configuring RADIUS authentication using the CLI

To configure the Nortel SNAS 4050 domain to use an external RADIUS server for authentication, use the following command:

/cfg/domain 1/aaa/auth <auth ID>

where auth ID is an integer in the range 1 to 63 that uniquely identifies the authentication method in the Nortel SNAS 4050 domain. If you do not specify the auth ID in the command, you are prompted for it.

When you first create the method for the domain, you must enter the authentication ID. After you have created the method and defined a name for it, you can use either the ID or the name to access the method for configuration.

320818-A

Page 242
Image 242
Nortel Networks 4050 Configuring Radius authentication using the CLI, Cfg/domain 1/aaa/auth #/adv, Groupauth auth IDs