2.. Web Configuration Interface
Access Rights Permission String – In order for access rights to be assigned in User or Group authentication mode, a permission string must be entered into the directory attribute that is assigned to each User or Group. The name of this attribute must be entered into the Access Rights Attribute field in the Mode section of the Authentication page. See below for an explanation of how the permission string needs to be formatted.
Access Category – An Access Category is an entry in the permission string that refers to a particular access right to the KVM switch. The available Access Categories are listed below.
Note:
1.Access Categories are case sensitive.
2.Access rights must be assigned for each Access Category, regardless of whether User or Admin is assigned as the kvmrole.
•kvmdevice – Refers to the Device Name of a NetCommander IP
•kvmrole – Refers to the type of account, and can be either Admin or User (See the Users section of this manual for details on these account types).
•kvmports – Refers to the list of ports that an account is allowed to access. Ports are separated in the permission string by a comma.
An asterisk (*) can be used to indicate access to all ports.
•vm_ports – Refers to the list of virtual media ports that an account is allowed to access. Ports are separated in the permission string by a comma. An asterisk (*) can be used to indicate access to all ports.
•kvmtelports – Refers to the list of serial ports that an account is allowed to access. Ports are separated in the permission string by a comma. An asterisk (*) can be used to indicate access to all ports.
Sample Permission String
kvmdevice:D1144567,kvmrole:user,kvmports:1,2,5,vm_ports:1,2,kvmtelports:*
The permission string above assigns a User or Group with access to the KVM with Device Name D1144567. The account is given User permissions and has access to ports 1, 2, and 5 on the KVM, can access virtual media on ports 1 and 2, and can access all serial ports.
RADIUS Authentication Settings – Once enabled in the Enabled Authentications Methods section, RADIUS authentication is set up using the fields in the Authentication Sources section. To setup RADIUS authentication, make sure that the RADIUS tab in the Authentication Sources section is selected, and then follow the instructions below. Note: For RADIUS Authentication to work properly, a Tripp Lite dictionary must be installed on the RADIUS server. The dictionary should be present in the latest dictionaries supplied by FreeRADIUS, or can be manually downloaded at www.tripplite.com/support.
Servers – At the bottom of the page, the Servers section allows you to add RADIUS servers to the KVM. As with the authentication methods in the Enabled Authentication Methods section at the top of the page, RADIUS servers can be listed according to priority. The first server
in the list will be the first one accessed by the KVM during authentication, followed by the second server, etc. To avoid performance issues during the authentication process, it is recommended that you add no more than three RADIUS servers.
• To add a RADIUS server to the list, click on the Add button to bring up the Add RADIUS Server screen.
•Enter the IPv4, IPv6, or Host address for your RADIUS server in the corresponding field.
Note: The Host name should only be used for IPv4 RADIUS servers. For IPv6 RADIUS servers, the IPv6 address should be used instead of a Host name.
•Select the authentication Port number and Accounting Port number to be assigned to the server. The default authentication port number is 1812, and the default accounting port number is 1813.
33
