Cisco Cisco Web Security Appliance S170 사용자 가이드
26-13
Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 26 System Administration
Administering User Accounts
Consider the following rules and guidelines when using external authentication:
•
You can configure up to ten RADIUS servers.
•
The appliance can communicate with RADIUS directories using either the Password Authentication
Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP).
•
You can map all RADIUS users to the Administrator user role type or you can map RADIUS users
to different Web Security appliance user role types.
to different Web Security appliance user role types.
•
If you will also add local users, be sure that local user names do not duplicate
externally-authenticated user names.
externally-authenticated user names.
Enabling External Authentication Using RADIUS
Step 1
On the System Administration > Users page, click Enable.
Step 2
Check the Enable External Authentication option if it is not enabled already.
Step 3
Enter the hostname for the RADIUS server.
Step 4
Enter the port number for the RADIUS server. The default port number is 1812.
Step 5
Enter the Shared Secret password for the RADIUS server.
Step 6
Enter the number of seconds for the appliance to wait for a response from the server before timing out.
Step 7
(Optional) Click Add Row to add another RADIUS server. Repeat steps
for each RADIUS server.
Note
You can add up to ten RADIUS servers.
Step 8
Enter the number of seconds AsyncOS stores the external authentication credentials before contacting
the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field.
Default is zero (0).
the RADIUS server again to re-authenticate in the “External Authentication Cache Timeout” field.
Default is zero (0).
Note
If the RADIUS server uses one-time passwords, for example passwords created from a token,
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again
to authenticate during the current session.
enter zero (0). When the value is set to zero, AsyncOS does not contact the RADIUS server again
to authenticate during the current session.