Cisco Cisco Email Security Appliance C160 Guida Utente
28-21
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 28 Distributing Administrative Tasks
Passwords
To assign RADIUS users to Cisco user roles, first set the CLASS attribute on the RADIUS server with
a string value of
a string value of
<radius-group>
, which will be mapped to Cisco user roles. The CLASS attribute may
contain letters, numbers, and a dash, but cannot start with a dash. AsyncOS does not support multiple
values in the CLASS attribute. RADIUS users belonging to a group without a CLASS attribute or an
unmapped CLASS attribute cannot log into the appliance.
values in the CLASS attribute. RADIUS users belonging to a group without a CLASS attribute or an
unmapped CLASS attribute cannot log into the appliance.
If the appliance cannot communicate with the RADIUS server, the user can log in with a local user
account on the appliance.
account on the appliance.
Note
If an external user changes the user role for their RADIUS group, the user should log out of the appliance
and then log back in. The user will have the permissions of their new role.
and then log back in. The user will have the permissions of their new role.
Procedure
Step 1
On the System Administration > Users page, click Enable.
Step 2
Check the Enable External Authentication option if it is not enabled already.
Step 3
Enter the hostname for the RADIUS server.
Step 4
Enter the port number for the RADIUS server. The default port number is 1812.
Step 5
Enter the Shared Secret password for the RADIUS server.
Step 6
Enter the number of seconds for the appliance to wait for a response from the server before timing out.
Step 7
(Optional) Click Add Row to add another RADIUS server. Repeat steps
for each RADIUS server.
Note
You can add up to ten RADIUS servers.
Step 8
Enter the number of seconds AsyncOS stores the external authentication credentials before contacting
the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field.
Default is zero (0).
the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field.
Default is zero (0).
Note
If the RADIUS server uses one-time passwords, for example passwords created from a token,
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again
to authenticate during the current session.
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again
to authenticate during the current session.