Cisco Transport Manager 9.0 Technical Reference
Cisco Transport Manager Release 9.0 Basic External Authentication
OL-15571-01
Table of RADIUS Attributes
  – Autologin
The preceding features do not work when a user is logged in and the access server or the access
server administrator changes that user’s credentials. For example, the RADIUS RSA authentication
manager can authenticate users by means of hardware devices (tokens) that generate a
pseudorandom number that is used as a password. This number changes every minute, so a locked
out user does not know which password was used to log in successfully in the past. To prevent this
problem, open the CTM client and in the Domain Explorer, choose Administration > Control
Panel > Security Properties and uncheck the Lockout Enable check box.
• If the CTM client disconnects from the CTM server, the client automatically tries to log in again
using the cached username and password, which are no longer valid. The automatic login attempts
fail. To resolve this problem, close the automatic login wizard and launch the CTM client again.
• Password aging rules and login preferences do not work, because they are delegated to the external
access server. For this reason, these rules must remain disabled on the CTM client. When external
authentication is enabled, the following fields in the Control Panel > Security Properties > CTM
Security tab are automatically set to 0 (disabled):
  – Password Aging
  – Password Expiration Early Notification
  – Max Retries
  – Login Disable Period
• The password change feature changes the local password. For this reason, do not use the password
change feature when external authentication is enabled. Furthermore, password changing policies
are access server dependent. In the Domain Explorer, choose Administration > CTM Users. In the
CTM Users table, choose Edit > Create. In the Create New User wizard, uncheck the Require
Password Change on Next Login check box.
• Although authentication is external, authorization is local. For example, user privileges are managed
locally.
Table of RADIUS Attributes
The following table lists the RADIUS attributes that CTM R9.0 supports. The table uses the following
values:
• Request/Accept/Reject/Challenge:
  – 0—The attribute MUST NOT be present in the packet.
  – 0+—Zero or more instances of the attribute MAY be present in the packet.
  – 0-1—Zero or one instance of the attribute MAY be present in the packet.
  – 1—Exactly one instance of the attribute MUST be present in the packet.
• No.—Number of the RADIUS attribute as specified in the referenced RFC.
• Attribute—Name of the RADIUS attribute.
• Details—Details about the attribute: how it is used, delivered, or interpreted by the RADIUS client
on the CTM server.
• RFC—Number of the referenced RFC.
• RFC Req. Type—Whether a “requirement statement” is present in the referenced RFC.
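The occurrence notation above can be checked mechanically against captured traffic. The following is an added example, not part of the Cisco documentation: it walks the attribute list of a RADIUS packet and compares each attribute count with the notation for that packet type. The four sample rows are taken from the attribute table in RFC 2865, not from the CTM R9.0 table, and the packets in the usage are constructed test data.

```python
import struct

CODES = {1: "Request", 2: "Accept", 3: "Reject", 11: "Challenge"}  # RFC 2865 codes

# Occurrence rules in the table's notation. Sample rows from the RFC 2865
# attribute table (an assumption for illustration), NOT the CTM R9.0 table.
RULES = {
    1:  ("User-Name",     {"Request": "0-1", "Accept": "0-1", "Reject": "0",  "Challenge": "0"}),
    2:  ("User-Password", {"Request": "0-1", "Accept": "0",   "Reject": "0",  "Challenge": "0"}),
    18: ("Reply-Message", {"Request": "0",   "Accept": "0+",  "Reject": "0+", "Challenge": "0+"}),
    24: ("State",         {"Request": "0-1", "Accept": "0-1", "Reject": "0",  "Challenge": "0-1"}),
}

# (min, max) instances allowed for each notation value; None = unbounded.
BOUNDS = {"0": (0, 0), "0+": (0, None), "0-1": (0, 1), "1": (1, 1)}

def parse_attributes(packet: bytes):
    """Return (packet type name, [attribute numbers]) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES or not 20 <= length <= len(packet):
        raise ValueError("bad code or length field")
    numbers, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_no, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError(f"attribute {attr_no} has invalid length {attr_len}")
        numbers.append(attr_no)
        pos += attr_len
    return CODES[code], numbers

def check_occurrences(packet: bytes):
    """List violations of the occurrence rules; empty list means compliant."""
    ptype, numbers = parse_attributes(packet)
    problems = []
    for attr_no, (name, per_type) in RULES.items():
        low, high = BOUNDS[per_type[ptype]]
        count = numbers.count(attr_no)
        if count < low or (high is not None and count > high):
            problems.append(f"{name}: {count} in {ptype}, allowed {per_type[ptype]}")
    return problems

def build(code, attrs):
    """Build a constructed sample packet (zeroed authenticator, not a real capture)."""
    body = b"".join(bytes([n, len(v) + 2]) + v for n, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body
```

For example, `check_occurrences(build(3, [(1, b"alice")]))` reports that User-Name appears once in a Reject packet where the notation allows 0.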