Raritan Computer IPR-TR364 用户手册
48
IP-R
EACH
U
SER
M
ANUAL
-
No Limit (default): Each active user can consume as much bandwidth as needed.
-
10, 5, 2, or 1 megabit or 512, 256, 128 kilobit: Bandwidth consumed by each active user
during the operation of this IP-Reach unit is limited to the selected quantity. The lower the
bandwidth allowed, the slower the performance that may result.
during the operation of this IP-Reach unit is limited to the selected quantity. The lower the
bandwidth allowed, the slower the performance that may result.
Press <Ctrl+S> to save changes or <Esc> to cancel changes, and return to Configuration Menu. Saved
Performance Settings changes will not take effect until IP-Reach is restarted.
Performance Settings changes will not take effect until IP-Reach is restarted.
Important: The details of the next two sections:
Remote Authentication:
Users, Groups, and
Access Permissions
and
Remote Authentication Implementation
have changed drastically from
version 3.1. Please read these sections carefully.
Remote Authentication: Users, Groups, and Access
Permissions
Overview
IP-Reach keeps an internal list of user and group names to determine access authorization and permissions.
This information is stored internally in a hashed / encrypted format.
This information is stored internally in a hashed / encrypted format.
Note to CommandCenter Users
If you plan to configure IP-Reach to be integrated with and controlled by Raritan’s CommandCenter
management appliance, this section of the User Manual does not apply to you. When an IP-Reach unit is
controlled by CommandCenter, CommandCenter determines the allowed users and groups. Please refer to
your CommandCenter User Guide.
If you plan to configure IP-Reach to be integrated with and controlled by Raritan’s CommandCenter
management appliance, this section of the User Manual does not apply to you. When an IP-Reach unit is
controlled by CommandCenter, CommandCenter determines the allowed users and groups. Please refer to
your CommandCenter User Guide.
Note to Raritan Customers Upgrading from Previous Firmware Versions
If you previously configured Raritan products such as Dominion KSX and IP-Reach running legacy
firmware versions earlier than v3.2, read this entire section carefully. Beginning with firmware version v3.2
and above, the implementation of users and groups has changed significantly to provide more flexible and
powerful configurations.
If you previously configured Raritan products such as Dominion KSX and IP-Reach running legacy
firmware versions earlier than v3.2, read this entire section carefully. Beginning with firmware version v3.2
and above, the implementation of users and groups has changed significantly to provide more flexible and
powerful configurations.
Relationship between Users and Group Entries
IP-Reach organizes all users into groups. Assigning users to groups allows you to manage permissions for
all users in a given group at once, instead of managing permissions on a user-by-user basis.
all users in a given group at once, instead of managing permissions on a user-by-user basis.
•
User information is used to determine user authentication (i.e., is a given user allowed to access IP-
Reach at all?)
•
Group information is used to determine authorization for all users in a given group (i.e., to which
ports on IP-Reach do the users in a group have access rights?)
You may choose not to associate specific users with groups. In this case, IP-Reach classifies the user as
“Individual.”
“Individual.”
Mandatory User Groups
Every IP-Reach has three default user groups. These groups cannot be deleted:
ADMIN
User group for original, factory-default administrative user.
NONE
Permissions defined for this group are employed for a user when your IP-Reach is
configured for remote authentication via LDAP or RADIUS (see next section), and a
login attempt is successful but no user group is returned by the remote authentication
server.
configured for remote authentication via LDAP or RADIUS (see next section), and a
login attempt is successful but no user group is returned by the remote authentication
server.
UNKNOWN
Permissions defined for this group are employed for a user when your IP-Reach is
configured for remote authentication via LDAP or RADIUS (see next section), and a
login attempt is successful but the user group returned by the remote authentication
server is not found in IP-Reach.
configured for remote authentication via LDAP or RADIUS (see next section), and a
login attempt is successful but the user group returned by the remote authentication
server is not found in IP-Reach.