Nortel Networks 4050 User Manual
Chapter 6 Configuring authentication 241
Nortel Secure Network Access Switch 4050 User Guide
Configuring advanced settings using the CLI
You can configure the Nortel SNAS 4050 domain to use one method for
authentication and another for authorization.
authentication and another for authorization.
For example, there are three authentication methods configured for the domain:
Local (auth ID 1), RADIUS (auth ID 2), and LDAP (auth ID 3). The user groups
are stored in an LDAP database. You can configure the domain to have the Local
and LDAP methods used for authorization after users have been authenticated by
RADIUS. In this example, the command is:
Local (auth ID 1), RADIUS (auth ID 2), and LDAP (auth ID 3). The user groups
are stored in an LDAP database. You can configure the domain to have the Local
and LDAP methods used for authorization after users have been authenticated by
RADIUS. In this example, the command is:
/cfg/domain 1/aaa/auth 2/
adv/groupauth 1,3
. When a user logs on through RADIUS, the system first
checks the RADIUS database. If no match is found, the system checks the other
authentication schemes (in the order in which you listed them in the
authentication schemes (in the order in which you listed them in the
groupauth
command) to see if the user name can be matched against user groups defined in
the authentication databases. The first group matched is returned to the Nortel
SNAS 4050 as the user’s group, and determines the user’s access privileges for the
session.
the authentication databases. The first group matched is returned to the Nortel
SNAS 4050 as the user’s group, and determines the user’s access privileges for the
session.
radius|ldap|local
Accesses a method-specific menu, in order to
configure settings for the method. The option displayed
depends on the method type.
configure settings for the method. The option displayed
depends on the method type.
•
radius
— accesses the RADIUS menu (see
•
ldap
— accesses the LDAP menu (see
)
•
local
— accesses the Local database menu
adv
Accesses the Advanced menu, in order to configure
the current method to retrieve group information from
other authentication schemes (see
the current method to retrieve group information from
other authentication schemes (see
del
Removes the method from the Nortel SNAS 4050
domain.
domain.
/cfg/domain 1/aaa/auth <auth ID>
followed by: