User profiles associate information with a user name for authentication
and authorization. This information is defined by attribute-value
pairs. The server configuration must include profiles for all the
users that can access services through the AAA server. If a user
profile is not included in the configuration, the server will reject
the user’s access request.
Profiles may be stored in flat text files or an external source.
The Users screen allows you to add a new user, modify an existing
user, or delete an existing user from a text file. This screen is
accessed by selecting the Users link from the graphic interface’s
Navigation Tree.
When adding a new user profile to the server configuration
or modifying an existing entry, you supply values for the user profile
attributes through a form’s fields. This form is tabbed according
to groups of attribute-value pairs. Initially, the General tab is
active.
- User Name:
Value to compare
to the User-Name attribute value in the request. It must be less
than 64 characters. &, “, ~, \, /, %, $, ‘, and space characters
may not be used.
IMPORTANT: You must enter the user’s fully-qualified
name when adding to the default users file (using the Users link
in the Navigation Tree): for example, enter user1@organization.com instead of only entering user1.
- Authentication Type:
Use this field to supersede
the Authentication type specified in the user’s realm.
Selecting Local will use the authentication method specified by
the user’s realm.
- Password and Confirm Password:
Enter the user’s
password and confirm it by entering it again.
- Password Hashing Mechanism:
Choose how you want to store
user passwords by selecting a hashing method. Select Plain Text
to be compatible with most client password hashing methods. If you
prefer not to use Plain Text, be sure the password storage hashing
method you choose is compatible with the client password hashing
method as described in Table 3-1 “Password
Hashing Compatibility”.
The remaining fields and tabs in the Define Users screen allow
you to specify two types of user profile attributes: check items
and reply items.
- Check Items:
An optional list of zero
or more attribute-value pairs, delimited by white space. These items
indicate various attribute values that the server will compare to
the corresponding attribute values in the Access-Request.
- Reply Items:
Reply items generally get
returned to configure the client for the user’s session.
They include information like PPP configuration values, the name of
the host that the user wishes to connect to, or an optional packet
filter name.
Each of the fields on the first four tabs (General, NAS/Login,
Framed, and Others) corresponds to an attribute that can be used
in a user profile as a check or reply item. When specifying attribute
values through these tabs, all A-V pairs that may ordinarily be
used as either a check or a reply item in a server configuration
are automatically added as a reply item, unless the Free tab is
used.
There are many more attributes, including vendor-specific
attributes, that can be added to a user profile. The Free tab allows
you to enter any of these attributes in the Check and Reply list
boxes.
To add attributes to the list boxes, follow the Attribute
= Value syntax. A-V pairs may be listed one per line. When adding
a new user profile, you select the Create button to submit it to
the AAA Server Manager. When modifying an existing profile, you
select the Modify button to submit changes to the user profile.
In either case, if each field contains a valid value, the profile
will be created or modified; otherwise, an error message is displayed.
You can always select the Cancel button and return to the Users
screen without making any changes to your server configuration.
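
The User Name rules and the Attribute = Value syntax described above can be checked before a profile is submitted. The following is an added example, not code from the AAA Server Manager: the function names, the user@realm test for a fully-qualified name, the handling of quote marks, and the sample attribute lines are all assumptions made for illustration.

```python
import re

# Characters the page says may not appear in a User Name. The page prints the
# two quote marks typographically; both curly and straight forms are rejected
# here (assumption).
FORBIDDEN = set('&~\\/%$ ' + '"\'' + '\u201c\u201d\u2018\u2019')
MAX_LEN = 63  # "less than 64 characters"


def check_user_name(name, default_users_file=True):
    """Return a list of problems; an empty list means the name is acceptable."""
    problems = []
    if not name:
        problems.append("empty user name")
    if len(name) > MAX_LEN:
        problems.append("64 characters or longer")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    # Default users file: fully-qualified form, taken here to mean user@realm.
    if default_users_file and not re.fullmatch(r"[^@]+@[^@]+", name):
        problems.append("not fully qualified (expected user@realm)")
    return problems


def parse_av_pairs(text):
    """Parse Free-tab text (one 'Attribute = Value' per line) into (pairs, errors)."""
    pairs, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no pair
        attr, sep, value = line.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep:
            errors.append((lineno, "missing '='"))
        elif not attr or not value:
            errors.append((lineno, "empty attribute or value"))
        elif any(c.isspace() for c in attr):
            # Assumption: attribute names never contain white space.
            errors.append((lineno, "attribute name contains white space"))
        else:
            pairs.append((attr, value))
    return pairs, errors


# Constructed sample input; line 2 is deliberately malformed.
SAMPLE_FREE_TAB = "Service-Type = Framed-User\nFramed-Protocol PPP\nSession-Timeout = 3600\n"
```

Calling `parse_av_pairs(SAMPLE_FREE_TAB)` returns the two well-formed pairs and reports line 2 as missing its `=`.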