Cisco Web Security Appliance S390 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 26 System Administration
Administering User Accounts
Step 2  Check the Enable External Authentication option if it is not enabled already.
Step 3  Enter the hostname for the RADIUS server.
Step 4  Enter the port number for the RADIUS server. The default port number is 1812.
Step 5  Enter the Shared Secret password for the RADIUS server.
Step 6  Enter the number of seconds for the appliance to wait for a response from the server before timing out.
Step 7  (Optional) Click Add Row to add another RADIUS server. Repeat steps  for each RADIUS server.

Note: You can add up to ten RADIUS servers.

Step 8  Enter the number of seconds AsyncOS stores the external authentication credentials before contacting the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field. Default is zero (0).

Note: If the RADIUS server uses one-time passwords, for example passwords created from a token, enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again to authenticate during the current session.

Step 9  Configure Group Mapping:

Setting: Map externally authenticated users to multiple local roles.
Description: AsyncOS assigns RADIUS users to appliance roles based on the RADIUS CLASS attribute. CLASS attribute requirements:
  • 3 character minimum
  • 253 character maximum
  • no colons, commas, or newline characters
  • one or more mapped CLASS attributes for each RADIUS user (With this setting, AsyncOS denies access to RADIUS users without a mapped CLASS attribute.)
For RADIUS users with multiple CLASS attributes, AsyncOS assigns the most restrictive role. For example, if a RADIUS user has two CLASS attributes, which are mapped to the Operator and Read-Only Operator roles, AsyncOS assigns the RADIUS user to the Read-Only Operator role, which is more restrictive than the Operator role.
These are the appliance roles ordered from least restrictive to most restrictive:
  • Administrator
  • Operator
  • Read-Only Operator
  • Guest

Setting: Map all externally authenticated users to the Administrator role.
Description: AsyncOS assigns RADIUS users to the Administrator role.
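
The following sketch is an added example, not part of the Cisco guide or AsyncOS: it models the two group-mapping settings above so a planned CLASS-to-role table can be checked before it is entered. The function names, the sample CLASS values and users, and the exact-match comparison of CLASS values are assumptions.

```python
# Added illustration of the group-mapping rules above; not AsyncOS code.
# Assumptions: exact-match CLASS comparison; all function names are hypothetical.
ROLES = ["Administrator", "Operator", "Read-Only Operator", "Guest"]  # least -> most restrictive


def class_problems(value):
    """List the ways a CLASS value breaks the stated requirements."""
    problems = []
    if len(value) < 3:
        problems.append("shorter than 3 characters")
    if len(value) > 253:
        problems.append("longer than 253 characters")
    if any(ch in value for ch in ":,\n"):
        problems.append("contains a colon, comma, or newline")
    return problems


def audit_mapping(mapping):
    """Return {class_value: [problems]} for mapping rows that cannot be valid."""
    report = {}
    for value, role in mapping.items():
        problems = class_problems(value)
        if role not in ROLES:
            problems.append("unknown role %r" % role)
        if problems:
            report[value] = problems
    return report


def resolve_role(user_classes, mapping, map_all_to_admin=False):
    """Role a RADIUS user would receive, or None when access is denied."""
    if map_all_to_admin:
        return "Administrator"  # every authenticated RADIUS user becomes an admin
    matched = [mapping[c] for c in user_classes if c in mapping]
    if not matched:
        return None  # no mapped CLASS attribute: access denied
    return max(matched, key=ROLES.index)  # highest index = most restrictive


# Constructed sample data: CLASS values and users are made up for the example.
SAMPLE_MAPPING = {"wsa-admins": "Administrator", "wsa-ops": "Operator",
                  "wsa-readonly": "Read-Only Operator", "wsa-guest": "Guest"}
SAMPLE_USERS = {"alice": ["wsa-admins"], "bob": ["wsa-ops", "wsa-readonly"],
                "carol": ["contractors"]}

if __name__ == "__main__":
    print(audit_mapping(SAMPLE_MAPPING) or "mapping OK")
    for user, classes in SAMPLE_USERS.items():
        print(user, "->", resolve_role(classes, SAMPLE_MAPPING) or "denied")
```

Running the same users with map_all_to_admin=True shows the difference between the two settings: carol, who is denied under per-role mapping, resolves to Administrator.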