Cisco Content Security Management Appliance M1070 User Guide
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 13 Distributing Administrative Tasks
About Authenticating Administrative Users
Note
If you lock the admin account, you can only unlock it by logging in as the admin through a serial
communications connection to the serial console port. The admin user can always access the appliance
using the serial console port, even when the admin account is locked. See the “Setup and Installation”
chapter in the documentation or online help for your Email Security appliance for more information on
accessing the appliance using the serial console port.
External User Authentication
If you store user information in an LDAP or RADIUS directory on your network, you can configure your
Security Management appliance to use the external directory to authenticate users who log in to the
appliance.
Note
• Some features described in are not available to externally-authenticated users.
• If your deployment uses both local and external authentication, local user names must not duplicate
externally-authenticated user names.
• If the appliance cannot communicate with the external directory, a user who has both an external
and a local account can log in with a local user account on the appliance.
Configuring LDAP Authentication
To configure LDAP authentication, see
Enabling RADIUS Authentication
You can use a RADIUS directory to authenticate users and assign groups of users to user roles for
administering your appliance. The RADIUS server should support the CLASS attribute, which AsyncOS
uses to assign users in the RADIUS directory to user roles.
Note
If an external user changes the user role for their RADIUS group, the user should log out of the appliance
and then log back in. The user will have the permissions of their new role.
Before You Begin
The Shared Secret key for access to the RADIUS server must be no more than 48 characters long.
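The CLASS-based role assignment and the 48-character shared-secret limit described above, shown as an added example that is not Cisco code and does not document AsyncOS internals: it checks an Access-Accept reply's RFC 2865 Response Authenticator before trusting its Class attribute, then maps the value to a role. The group names, role names, function names and the deny-when-unmapped choice are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_SECRET_LEN = 48   # limit stated under "Before You Begin"
ACCESS_ACCEPT = 2     # RFC 2865 packet code
ATTR_CLASS = 25       # RFC 2865 Class attribute type

# Hypothetical CLASS-to-role table; names are constructed for this example.
ROLE_MAP = {"csma-admins": "Administrator", "csma-helpdesk": "Help Desk User"}


def build_accept(ident, request_auth, class_value, secret):
    """Build a constructed Access-Accept carrying one Class attribute."""
    attrs = bytes([ATTR_CLASS, 2 + len(class_value)]) + class_value
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def role_from_accept(packet, request_auth, secret, role_map=ROLE_MAP):
    """Return the mapped role, or None if the reply must not be trusted."""
    if len(secret) > MAX_SECRET_LEN:
        raise ValueError("shared secret longer than 48 characters")
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        return None
    attrs = packet[20:]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None       # wrong secret or modified reply
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            return None   # malformed attribute list
        if atype == ATTR_CLASS:
            value = attrs[pos + 2:pos + alen].decode("utf-8", "replace")
            if value in role_map:
                return role_map[value]
        pos += alen
    return None           # no mapped Class value: grant no role
```

A reply whose Class value was altered in transit fails the authenticator check, so it never reaches the role lookup.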
Procedure
Step 1 On the Management Appliance > System Administration > Users page, click Enable.
Step 2 Select the Enable External Authentication check box.
Step 3 Select RADIUS for the authentication type.
Step 4 Enter the host name for the RADIUS server.