HP-UX AAA Server A.06.00 Administration and Authentication Guide: HP-UX 11.0, 11i v1 > Chapter 2 Configuration Screens

Users Files


User profiles associate information with a user name for authentication and authorization. This information is defined by attribute-value pairs. The server configuration must include profiles for all the users that can access services through the AAA server. If a user profile is not included in the configuration, the server will reject the user's access request.

Profiles may be stored in flat text files or an external source. This section covers user profiles stored in a text file. The Users screen allows you to add a new user to, modify an existing user in, or delete an existing user from a text file. This screen is accessed by selecting the Users link from the graphic interface's Navigation Tree or through the Realms screen by selecting the Users icon for a realm that is configured for the File authentication type. When you create, modify, or delete a user, the corresponding screen will display.

Figure 2-11 Server Manager's Users Screen


Navigating the Define Users Screen

  • Selecting the New User link or the following icon will display the General tab of the user creation screen:

  • Selecting an existing user or the following icon will display a form of the corresponding realm's attributes for modification:

  • Selecting the following icon will display a confirmation screen before you delete the corresponding entry:

  • Selecting the following icon will move the corresponding entry up one level:

  • Selecting the following icon will move the corresponding entry down one level:

  • Selecting the following icon will display a context sensitive HTML help screen:

Adding or Modifying a User Profile

When adding a new user profile to the server configuration or modifying an existing entry, you supply values for the user profile attributes through a form's fields. This form is tabbed according to groups of attribute-value pairs. Initially, the General tab is active.

Figure 2-12 Server Manager's General User Attributes

User Name:

Value to compare to the User-Name attribute value in the request. It must be less than 64 characters. The &, ", ~, \, /, %, $, ', and space characters may not be used.

The remaining fields and tabs in the Define Users screen allow you to specify three types of user profile attributes: configuration items, check items, and reply items.

Configuration Items:

These items indicate various Interlink-specific attributes that the server can use to perform authentication or authorization functions. A user profile must include either the Password attribute or the Authentication-Type and Server-Name attributes (Server-Name is only required for some authentication types and should be listed as a check item under the Free tab). Additional items are optional.

Check Items:

An optional list of zero or more attribute-value pairs, delimited by white space. These items indicate various attribute values that the server will compare to the corresponding attribute values in the Access-Request.

Reply Items:

Reply items generally get returned to configure the client for the user's session. They include information like PPP configuration values, the name of the host that the user wishes to connect to, or an optional packet filter name.

Each of the fields on the first four tabs (General, NAS/Login, Framed, and Others) corresponds to an attribute that can be used in a user profile as a check or reply item. When specifying attribute values through these tabs, all A-V pairs that may ordinarily be used as either a check or a reply item in a server configuration are automatically added as a reply item, unless the Free tab is used.

There are many more attributes, including vendor-specific attributes, that can be added to a user profile. The Free tab allows you to enter any of these attributes in the Check and Reply list boxes.

Figure 2-13 Server Manager's Free User Attributes Screen


To add attributes to the list boxes, follow the Attribute = Value syntax. A-V pairs may be listed one per line. When adding a new user profile, you select the Create button to submit it to the AAA Server Manager. When modifying an existing profile, you select the Modify button to submit changes to the user profile. In either case, if each field contains a valid value, the profile will be created or modified; otherwise, an error message is displayed. You can always select the Cancel button and return to the Users screen without making any changes to your server configuration.
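The rules this section states for a profile (User Name length and forbidden characters, one Attribute = Value pair per line, and the Password or Authentication-Type requirement) can be checked before a profile is submitted. The following is an added example, not code from HP or the AAA Server; the function names, the `config` dictionary and the sample inputs are assumptions made for illustration.

```python
# Added example: pre-submission checks for a user profile (constructed inputs).
FORBIDDEN = set('&"~\\/%$\' ')   # & " ~ \ / % $ ' and space
MAX_NAME_LEN = 63                # "must be less than 64 characters"

def check_user_name(name):
    """Return the problems with a proposed User Name (empty list if valid)."""
    problems = []
    if len(name) > MAX_NAME_LEN:
        problems.append("name is 64 characters or longer")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return problems

def parse_av_pairs(text):
    """Parse list-box text holding one 'Attribute = Value' pair per line."""
    pairs, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        attr, sep, value = line.partition("=")
        attr, value = attr.strip(), value.strip()
        if sep and attr and value:
            pairs.append((attr, value))
        else:
            errors.append(f"line {lineno}: expected Attribute = Value")
    return pairs, errors

def check_profile(name, config, check_text="", reply_text=""):
    """Collect every problem that should block submitting the form."""
    problems = check_user_name(name)
    for label, text in (("check", check_text), ("reply", reply_text)):
        _, errors = parse_av_pairs(text)
        problems += [f"{label} items, {e}" for e in errors]
    # Server-Name is needed only for some authentication types, so it is not checked here.
    if "Password" not in config and "Authentication-Type" not in config:
        problems.append("profile needs Password or Authentication-Type")
    return problems

if __name__ == "__main__":
    # Constructed input: a space in the name, no '=' in the reply item, no credentials.
    print(check_profile("bob smith", {}, reply_text="Framed-Protocol PPP"))
```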

Deleting a User Profile

You may delete a user profile in the default users file or in a realm file, which is the file created for a realm that uses File type authentication. To delete a profile, select the icon for an existing user profile from the Users File screen (accessed by selecting Users from the Navigation Tree). To delete a user in a realm file, on the Local Realms screen you must first select the icon for a listed realm that is configured for File type authentication. The User Deletion screen allows you to preview a profile before you delete it.

Figure 2-14 Server Manager's User Deletion Screen


Special Entries

Also, there may be four special entries in the default users file. As distributed with the software, these entries are active (not commented out) in the users file.

DEFAULT

An entry with the user name DEFAULT can be included to indicate how to handle names that do not explicitly match any other entries in this file. This is most commonly configured for Realm authentication to point all user authentication to the authfile, which then defines realm dependent authentication methods.

pppuser, slipuser, dumbuser

These are placeholder entries that define a few reply attributes for PPP, SLIP, and dumb users. If the protocol is appropriate to the request and the matching user entry does not specify either Login-Service or Framed-Protocol reply items, the reply items listed in the appropriate placeholder entry are appended to the list of reply items from the matched user entry. By not specifying either Login-Service or Framed-Protocol reply items in a user entry, you allow the same user id to be used for PPP, SLIP, or dumb-terminal access.

NOTE: Specifying the authentication type as None for each of the entries prevents it from ever being treated as a normal user id.
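The placeholder rule and the NOTE above suggest two audit checks: which user entries leave the access type open, and whether each placeholder has its authentication type set to None. The following is an added example, not code from HP or the AAA Server; the in-memory `USERS` table, its reply values and the function names are constructed for illustration and do not represent the users file format.

```python
# Added example: model of the placeholder rule plus two audit checks.
PLACEHOLDERS = {"ppp": "pppuser", "slip": "slipuser", "dumb": "dumbuser"}
PINNING = {"Login-Service", "Framed-Protocol"}

# Constructed sample data; attribute values are illustrative only.
USERS = {
    "pppuser":  {"config": {"Authentication-Type": "None"},
                 "reply": [("Framed-Protocol", "PPP")]},
    "slipuser": {"config": {"Password": "changeme"},  # authentication type not None
                 "reply": [("Framed-Protocol", "SLIP")]},
    "dumbuser": {"config": {"Authentication-Type": "None"},
                 "reply": [("Login-Service", "Telnet")]},
    "alice":    {"config": {"Password": "x"}, "reply": [("Framed-Protocol", "PPP")]},
    "bob":      {"config": {"Password": "y"}, "reply": [("Session-Timeout", "3600")]},
}

def is_pinned(entry):
    """True if the entry names Login-Service or Framed-Protocol as a reply item."""
    return any(attr in PINNING for attr, _ in entry["reply"])

def effective_reply(users, name, access):
    """Reply items for `name` when the request is for `access` (ppp, slip or dumb)."""
    reply = list(users[name]["reply"])
    if not is_pinned(users[name]):
        # Unpinned entry: the matching placeholder's reply items are appended.
        reply += users[PLACEHOLDERS[access]]["reply"]
    return reply

def audit(users):
    """Return (entry, finding) pairs for placeholders and unpinned user entries."""
    findings = []
    for ph in PLACEHOLDERS.values():
        entry = users.get(ph)
        if entry and entry["config"].get("Authentication-Type") != "None":
            findings.append((ph, "authentication type is not None; "
                                 "may be treated as a normal user id"))
    for name, entry in users.items():
        if name in PLACEHOLDERS.values() or name == "DEFAULT":
            continue
        if not is_pinned(entry):
            findings.append((name, "access type not pinned: usable for PPP, "
                                   "SLIP, or dumb-terminal access"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(USERS):
        print(f"{name}: {finding}")
```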
© 2003 Hewlett-Packard Development Company, L.P.