Users, Groups, and Access Permissions
38
Note the importance of the group to which a given user belongs, as well
as the need to configure the group named, “Unknown”. If the external
authentication server returns a group name that is not recognized by the
Dominion KX II, that user's permissions are determined by the
permanent group named “Unknown”.
Refer to Implementing LDAP Remote Authentication (on page
115) and
Implementing RADIUS Remote Authentication (on page
118) to
determine how to configure your authentication server to return user
group information to the Dominion KX II as part of its reply to an
authentication query.
Users, Groups, and Access Permissions
The Dominion KX II stores an internal list of all user and group names to
determine access authorization and permissions. This information is
stored internally in an encrypted format. There are several forms of
authentication and this one is known as “local authentication”. All users
have to be authenticated; if Dominion KX II is configured for LDAP or
RADIUS, that authentication is processed first, followed by local
authentication.
Users
User names and passwords are required to gain access to the Dominion
KX II unit. This information is used to authenticate users attempting to
access your Dominion KX II unit. Refer to User Management for more
information about adding and editing users.
Groups
Every Dominion KX II unit is delivered with three default user groups;
these groups cannot be deleted:
Admin Users that are a member of this group have full
administrative privileges. The original, factory-default
user is a member of this group and has the complete
set of system privileges.
Unknown This is the default group for users who are
authenticated externally using LDAP or RADIUS. If the
external LDAP or RADIUS server does not identify a
valid user group, the Unknown group is used.