Cisco Cisco Web Security Appliance S380 Guía Del Usuario
22-9
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 22 Perform System Administration Tasks
Administering User Accounts
Step 7
In the External Authentication Cache Timeout field, enter the number of seconds AsyncOS stores the
external authentication credentials before contacting the RADIUS server again to re-authenticate.
Default is zero.
external authentication credentials before contacting the RADIUS server again to re-authenticate.
Default is zero.
Note
If the RADIUS server uses one-time passwords, for example passwords created from a token,
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again
to authenticate during the current session.
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again
to authenticate during the current session.
Step 8
Configure Group Mapping—Select whether to map all externally authenticated users to the
Administrator role or to different appliance-user role types.
Administrator role or to different appliance-user role types.
Step 9
Submit and commit your changes.
Related Topics
•
•
Setting
Description
Map externally authenticated
users to multiple local roles.
users to multiple local roles.
Enter a group name as defined in the RADIUS CLASS attribute,
and choose an appliance Role type. You can add more role
mappings by clicking Add Row.
and choose an appliance Role type. You can add more role
mappings by clicking Add Row.
AsyncOS assigns RADIUS users to appliance roles based on the
RADIUS CLASS attribute. CLASS attribute requirements:
RADIUS CLASS attribute. CLASS attribute requirements:
•
three-character minimum
•
253-character maximum
•
no colons, commas, or newline characters
•
one or more mapped CLASS attributes for each RADIUS user
(With this setting, AsyncOS denies access to RADIUS users
without a mapped CLASS attribute.)
(With this setting, AsyncOS denies access to RADIUS users
without a mapped CLASS attribute.)
For RADIUS users with multiple CLASS attributes, AsyncOS
assigns the most restrictive role. For example, if a RADIUS user
has two CLASS attributes, which are mapped to the Operator and
Read-Only Operator roles, AsyncOS assigns the RADIUS user to
the Read-Only Operator role, which is more restrictive than the
Operator role.
assigns the most restrictive role. For example, if a RADIUS user
has two CLASS attributes, which are mapped to the Operator and
Read-Only Operator roles, AsyncOS assigns the RADIUS user to
the Read-Only Operator role, which is more restrictive than the
Operator role.
These are the appliance roles ordered from most restrictive to least
restrictive:
restrictive:
•
Administrator
•
Operator
•
Read-Only Operator
•
Guest
Map all externally authenticated
users to the Administrator role.
users to the Administrator role.
AsyncOS assigns all RADIUS users to the Administrator role.