Configuring Non-local RADIUS Users
To allow non-local users to log in to the 61000/41000 Security System, you need to define a default role for all non-local users that are configured on the RADIUS server.
The default role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to other features.
Syntax: to define the default role for non-local users
add rba role radius-group-any domain-type System readonly-features <List> readwrite-features <List>
readonly-features <List> - Comma-separated list of Gaia features that have read-only permissions in the specified role.
readwrite-features <List> - Comma-separated list of Gaia features that have read/write permissions in the specified role.
Example:
add rba role radius-group-any domain-type System readonly-features arp
Verification:
Authenticate to the 61000/41000 Security System as a non-local user:
MyLaptop > ssh my_radius_user@my_61k_server
Upon successful authentication, the user 'my_radius_user' is assigned the role 'radius-group-any' and granted all the privileges defined in that role.