Add/Modify Device User
Use this function to add/modify a device user.
Service Type
When a device management user attempts to log into a device, UAM checks whether the service type is configured for the user. If it is, UAM sends the value of the service type in the Access-Accept packet to the user. If it is not, UAM sends the default value of the service type in the Access-Accept packet to the user.
- Login: The user should be connected to a host.
- Framed: A Framed Protocol should be enabled for the user, such as PPP or SLIP.
- Callback Login: The user should be disconnected and called back, and then be reconnected to a host.
- Callback Framed: The user should be disconnected and called back, and then a Framed Protocol should be enabled for the User, such as PPP or SLIP.
- Outbound: The user should be granted access to outgoing devices.
- Administrative: The user should be granted access to the NAS through the administrative interface from which privileged commands can be executed.
- NAS Prompt: The user should be provided a command prompt on the NAS from which non-privileged commands can be executed.
- Authenticate Only: Only Authentication is requested, and no authorization information is returned in the Access-Accept packet (typically used by proxy servers rather than the NAS).
- Callback NAS Prompt: The user should be disconnected and called back, and then be provided with a command prompt on the NAS from which non-privileged commands can be executed.
- Call Check: Used by the NAS in an Access-Request packet to indicate that a call is being received and that the RADIUS server should send back an Access-Accept packet to answer the call, or in an Access-Reject packet to not accept the call, typically based on the Called-Station-Id or Calling-Station-Id attributes. Intelbras recommends using the value of Calling-Station-Id in the Access-Request packets as the value of the User-Name.
- Callback Administrative: The user should be disconnected and called back, and then be granted access to the NAS through the administrative interface from which privileged commands can be executed.
Proprietary Attribute Assignment Policy:
- UAM supports configuring RADIUS attribute assignment policies. You can specify the attributes and their values to be assigned to the access devices in an attribute assignment policy. After a policy is deployed to an access device, the access device can perform corresponding operations according to the policy, such as logging off users.
EXEC Priority:
- Priority to execute commands on the device. The greater the priority value, the higher the priority, and the more the accessible commands.
- If you leave this field blank, the default priority is used.
- You can select an EXEC priority for users using these types of services: Telnet, SSH, FTP, or Terminal.
FTP Directory:
- This parameter can be displayed only when you select FTP from the Service Type drop-down list. It indicates the directory that a device user enters after logging in.
Role Name:
- This parameter indicates the role assigned to the device user after the device user logs in to the device. Support for this parameter depends on the device model.
Super Role Name:
- This parameter indicates the role to which the device user can be switched after logging in to the device. Support for this parameter depends on the device model.
Bound User IP List:
- It lists a group of host IP addresses, indicating that only hosts in this list can log in the access devices.
IP Address List of Managed Devices:
- It lists the IP addresses of a group of access devices, indicating that a device user can only log in the access devices in this list.
Operation Procedure
- Select the User tab. Click Access User > Device User from the navigation tree to enter the page listing device users.
- You can click Add to enter the page where you can add a device user, or click the
link to enter the page for modification.
- Type the basic information of the device user. Add the IP address of the bound user and the IP address of the managed device.
- Click OK to finish.
Precautions
- When the device radius configuration does not require authentication to carry domain name, add the device management user's account name in the form of "user name"; when the device radius configuration requires authentication of carrying domain name, add the device management user's account name to the form of "user name @ domain name".
Related Topics