Cisco Web Security Appliance S170 User Guide
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 21 Perform System Administration Tasks
Administering User Accounts
For other accounts, edit the account and change the password in the Local User Settings page.
RADIUS User Authentication
The Web Security appliance can use a RADIUS directory service to authenticate users that log in to the
appliance using HTTP, HTTPS, SSH, and FTP. You can configure the appliance to contact multiple
external servers for authentication, using either PAP or CHAP authentication. You can map external
user accounts to different Web Security appliance user role types.
Sequence of Events for RADIUS Authentication
When external authentication is enabled and a user logs into the Web Security appliance, the appliance:
1. Determines if the user is the system-defined “admin” account.
2. If not, checks the first configured external server to determine if the user is defined there.
3. If the appliance cannot connect to the first external server, it checks the next external server in the list.
4. If the appliance cannot connect to any external server, it tries to authenticate the user as a local user defined on the Web Security appliance.
5. If the user does not exist on any external server or on the appliance, or if the user enters the wrong password, access to the appliance is denied.
Enabling External Authentication Using RADIUS
Step 1: On the System Administration > Users page, click Enable.
Step 2: Check the Enable External Authentication checkbox.
Step 3: Enter the hostname, port number, and Shared Secret password for the RADIUS server.
Step 4: Enter the number of seconds for the appliance to wait for a response from the server before timing out.
Step 5: Choose the authentication protocol used by the RADIUS server.
Step 6: (Optional) Click Add Row to add another RADIUS server. Repeat steps – for each RADIUS server.
Note: You can add up to ten RADIUS servers.
Step 7: Enter the number of seconds AsyncOS stores the external authentication credentials before contacting the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field. Default is zero (0).
Note: If the RADIUS server uses one-time passwords, for example passwords created from a token, enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again to authenticate during the current session.
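The procedure above sets a Shared Secret (Step 3) and chooses PAP or CHAP (Step 5). The following is an added example, not taken from the Cisco guide or from AsyncOS: it follows RFC 2865 sections 5.2 and 5.3 to show what each protocol places in the Access-Request sent to the RADIUS server. All function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def _blocks(data: bytes):
    return [data[i:i + 16] for i in range(0, len(data), 16)]

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (PAP): build the User-Password value, RFC 2865 section 5.2."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for block in _blocks(padded):
        mask = hashlib.md5(secret + prev).digest()  # keyed only by the shared secret
        prev = bytes(p ^ m for p, m in zip(block, mask))
        hidden += prev
    return hidden

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side (PAP): recover the password with the same shared secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    clear, prev = b"", authenticator
    for block in _blocks(hidden):
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """Client side (CHAP): ident + MD5(ident + password + challenge), RFC 2865 section 5.3."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()

def chap_verify(chap_password: bytes, stored_password: bytes, challenge: bytes) -> bool:
    """Server side (CHAP): recompute from the stored cleartext password and compare."""
    if len(chap_password) != 17:
        return False
    expected = chap_response(chap_password[0], stored_password, challenge)
    return hmac.compare_digest(chap_password, expected)

if __name__ == "__main__":
    # Constructed sample values, not taken from any appliance or server.
    secret, ra = b"constructed-shared-secret", bytes(range(16))
    password = b"constructed-admin-pass"  # 22 octets, so two 16-octet blocks
    hidden = pap_hide(password, secret, ra)
    print("PAP  User-Password  :", hidden.hex())
    print("PAP  server recovers:", pap_reveal(hidden, secret, ra))
    print("PAP  wrong secret   :", pap_reveal(hidden, b"other-secret", ra))
    resp = chap_response(7, password, ra)  # Request Authenticator used as the challenge
    print("CHAP CHAP-Password  :", resp.hex(), chap_verify(resp, password, ra))
```

With PAP the password can be recovered by anyone who holds the shared secret, so the strength of the secret entered in Step 3 protects administrator passwords in transit. With CHAP the password is not sent, but the RADIUS server must store it in a form it can hash together with the challenge.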