Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 26      System Administration
Administering User Accounts
========  ==========  =========  ===========  ====
admin     03:27PM     0s         10.xx.xx.xx  cli
  • The whoami command displays the user name and group information:
example.com> whoami
Username: admin
Full Name: Administrator
Groups: admin, operators, config, log, guest
  • The last command displays information about users who have recently logged into the appliance.
example.com> last
Username  Remote Host  Login Time        Logout Time       Total Time
========  ===========  ================  ================  ==========
admin     10.xx.xx.xx  Sat May 15 23:42  still logged in   15m
admin     10.xx.xx.xx  Sat May 15 22:52  Sat May 15 23:42  50m
admin     10.xx.xx.xx  Sat May 15 11:02  Sat May 15 14:14  3h 12m
admin     10.xx.xx.xx  Fri May 14 16:29  Fri May 14 17:43  1h 13m
shutdown                                 Fri May 14 16:22
RADIUS User Authentication
You can configure the Web Security appliance to use a RADIUS directory service to authenticate users logging in to the appliance. You can use external authentication when logging into the appliance using HTTP, HTTPS, SSH, and FTP. To set up the appliance to use an external directory for authentication, use the System Administration > Users page in the web interface or the userconfig > external CLI command.
You can configure the appliance to contact multiple external servers for authentication. You might want to define multiple external servers to allow for failover in case one server is temporarily unavailable. When you define multiple external servers, the appliance connects to the servers in the order defined on the appliance.
When external authentication is enabled and a user logs into the Web Security appliance, the appliance first determines if the user is the system defined “admin” account. If not, then the appliance checks the first configured external server to determine if the user is defined there. If the appliance cannot connect to the first external server, the appliance checks the next external server in the list. If the appliance cannot connect to any external server, it tries to authenticate the user as a local user defined on the Web Security appliance. If the user does not exist on any external server or on the appliance, or if the user enters the wrong password, access to the appliance is denied.
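The login order described under RADIUS User Authentication, as an added Python model (not Cisco's code and not part of the guide). `RadiusServer`, `authenticate` and all account data are constructed for illustration; the model assumes that only a connection failure moves on to the next server and that the admin account is checked against the local user database.

```python
from dataclasses import dataclass, field


@dataclass
class RadiusServer:
    """Constructed stand-in for one external server (not a RADIUS client)."""
    name: str
    reachable: bool = True
    users: dict = field(default_factory=dict)  # username -> password

    def check(self, user, password):
        if not self.reachable:
            raise ConnectionError(self.name)
        return user in self.users and self.users[user] == password


def authenticate(user, password, servers, local_users):
    """Return (granted, source) in the order the guide describes."""
    def local_ok():
        return user in local_users and local_users[user] == password

    # 1. The system-defined admin account is identified first.
    #    Assumption: it is then checked against the local user database.
    if user == "admin":
        return local_ok(), "local"
    # 2. External servers are tried in configured order.
    #    Assumption: only a connection failure moves to the next server.
    for server in servers:
        try:
            return server.check(user, password), server.name
        except ConnectionError:
            continue
    # 3. No external server could be reached: try local users.
    return local_ok(), "local-fallback"


if __name__ == "__main__":
    # Constructed sample accounts and servers.
    local = {"admin": "admin-pw", "opsuser": "local-pw"}
    down = RadiusServer("radius1", reachable=False)
    up = RadiusServer("radius2", users={"opsuser": "radius-pw"})
    print(authenticate("opsuser", "radius-pw", [down, up], local))
    print(authenticate("opsuser", "local-pw", [down, up], local))
    print(authenticate("opsuser", "local-pw", [down], local))
```

The `local-fallback` result is the case to review: when no external server answers, local passwords for non-admin accounts are accepted again, so those accounts need the same password hygiene as the RADIUS directory.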