Select Serial & Network: Authentication
Select the relevant Authentication Method
Check the Use Remote Groups button
9.1.7 Remote groups with RADIUS authentication
Enter the RADIUS Authentication and Authorization Server Address and Server Password
Click Apply.
Edit the Radius user’s file to include group information and restart the Radius server
When using RADIUS authentication, group names are provided to the console server using the
Framed-Filter-Id attribute. This is a standard RADIUS attribute, and may be used by other devices
that authenticate via RADIUS.
To interoperate with other devices using this field, the group names can be added to the end of any
existing content in the attribute, in the following format:
:group_name=testgroup1,users:
The above example sets the remote user as a member of testgroup1 and users if groups with those
names exist on the console server. Any groups which do not exist on the console server are ignored.
When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field.
To work around this, add some dummy text to the start of the string. For example:
dummy:group_name=testgroup1,users:
If no group is specified for a user, for example AmandaJones, then the user will have no User
Interface and serial port access but limited console access
Default groups available on the console server include ‘admin’ for administrator access and
‘users’ for general user access
TomFraser
AmandaJones
FredWhite
JanetLong
Cleartext-Password := ”FraTom70”
Framed-Filter-Id=”:group_name=admin:”
Cleartext-Password := ”JonAma83”
Cleartext-Password := ”WhiFre62”
Framed-Filter-Id=”:group_name=testgroup1,users:”
Cleartext-Password := ”LonJan57”
Framed-Filter-Id=”:group_name=admin:”
Additional local groups such as testgroup1 can be added via Users & Groups: Serial &
Network
9.1.8 Remote groups with LDAP authentication
Unlike RADIUS, LDAP has built in support for group provisioning, which makes setting up remote groups
easier. The console server will retrieve a list of all the remote groups that the user is a direct member of,
and compare their names with local groups on the console server.
Note: Any spaces in the group name will be converted to underscores.
_____________________________________________________________________
724-746-5500 | blackbox.com Page 172