![]() ![]() A user logged in as a general user cannot execute commands that require administrator authority. In the custom GUI, a user logged in as an administrator with RADIUS authentication can access individual pages of users and can execute all commands including those requiring administrator authority. When registering a user on the RADIUS server, set the value of the Service-Type attribute to "Administrative". In addition, you need to be an administrator to login to the easy setup page. A user logged in as a general user can only access the general pages. In the regular GUI, a user logged in as an administrator with RADIUS authentication can access both the general pages and the administrator pages. Also, users registered in the RADIUS server cannot login with the administrator password set by the administrator password command. Users registered by the login user command cannot login with the administrator password registered (as username "*administrator") on the RADIUS server. If the value of the Service-Type attribute is "Login", it will be a general user, and in the case of "Administrative", it will be an administrator. When a user logged in with RADIUS authentication, whether the user's authority is general user or administrator is determined by the value of the Service-Type attribute included in the Access-Accept sent from the server. The conditions for querying the RADIUS server during the login authentication operation are the same as for the console. It is possible for users logged in with local authentication to switch to the administrator with RADIUS authentication, or users logged in with RADIUS authentication to switch to the administrator with local authentication. The username when querying the RADIUS server is "*administrator". The router does not query the RADIUS server. ![]() ![]() Even if the administrator radius auth command is set to "only", if the radius auth command is set to "off", the router compares the entered password with the administrator password set by the administrator password command.The router does not compare with the administrator password set by administrator password command. If the administrator radius auth command is set to "only", the router queries the RADIUS server only.If the password does not match, the router queries the RADIUS server. If the administrator radius auth command is set to "on", the router first compares the entered password with the administrator password set by the administrator password command.If the administrator radius auth command is set to "off", the router compares the entered password with the administrator password set by the administrator password command. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |