Access rights transfer

The RADIUS server stores the user authorization. When a request arrives, the RADIUS server returns the access rights, privileges and the login data to the device, which then logs in the user with the appropriate rights.

Normally access rights are set in the RADIUS management privilege level (attribute 136), so that the device only needs to map the returned value to its internal access rights (option mapped). The attribute can have the following values, which are mapped by the device:

Attribute   Access rights
1           User, read-only
3           User, write-only
5           Admin, read-only, no trace rights
7           Admin, read and write, no trace rights
9           Admin, read-only
11          Admin, read and write
15          Supervisor
Note: The device maps all other values to 'no access'.

However, the RADIUS server may also need to transfer privileges, or attribute 136 may already be in use for other purposes and/or for vendor-specific authorization attributes. In this case, select Vendor-Specific attributes. These attributes are specified as follows, based on the vendor ID '2356':

The values transferred for access rights are identical to those mentioned above. If the RADIUS server should also transfer privileges, you achieve this as follows:

  1. Open the device console.
  2. Change to the directory Setup > Config > Admins.
  3. The command set ? shows you the current mapping of privileges to the corresponding hexadecimal code (e.g. Device-Search (0x80)).
  4. In order to combine privileges, you add their hex values.
  5. You can use this decimal value as the Privileges ID to transfer the corresponding privileges.
SNMP ID:
2.11.81.2 
Console path:
Setup > Config > Radius
Possible values:
Vendor specific
Mapped
Shell privilege
Default:
Vendor specific
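
The value mapping and the privilege arithmetic described above, as an added Python example (not LANCOM code) that checks which rights a device would grant for each RADIUS profile and computes a Privileges ID. The profile lines and the code 0x04 are constructed for illustration; only Device-Search (0x80) comes from this page, and the overlap check assumes that privilege codes are distinct bit flags.

```python
import re

# Mapping table from this page: attribute 136 value -> access rights.
ACCESS_RIGHTS = {
    1: "User, read-only",
    3: "User, write-only",
    5: "Admin, read-only, no trace rights",
    7: "Admin, read and write, no trace rights",
    9: "Admin, read-only",
    11: "Admin, read and write",
    15: "Supervisor",
}

def map_privilege_level(value):
    """Return the access rights for an attribute 136 value; all others are 'no access'."""
    return ACCESS_RIGHTS.get(value, "no access")

def privileges_id(hex_codes):
    """Add privilege hex codes and return the decimal Privileges ID."""
    total = 0
    for code in hex_codes:
        value = int(code, 16)
        # Assumption: codes are bit flags, so a repeat would corrupt the sum.
        if value <= 0 or total & value:
            raise ValueError(f"invalid or overlapping privilege code: {code}")
        total += value
    return total

# Constructed sample of RADIUS user profiles (not from the page).
SAMPLE_PROFILES = """\
alice   Management-Privilege-Level = 15
bob     Management-Privilege-Level = 1
carol   Management-Privilege-Level = 4
dave    Management-Privilege-Level = 11
"""

def audit(profiles):
    """Return (user, value, rights) for each profile line."""
    rows = []
    for line in profiles.splitlines():
        m = re.match(r"(\S+)\s+Management-Privilege-Level\s*=\s*(\d+)$", line.strip())
        if m:
            rows.append((m.group(1), int(m.group(2)), map_privilege_level(int(m.group(2)))))
    return rows

if __name__ == "__main__":
    for user, value, rights in audit(SAMPLE_PROFILES):
        print(f"{user:8} {value:3} -> {rights}")
    print(privileges_id(["0x80", "0x04"]))  # 0x04 is a hypothetical second code
```

Running the audit over the real user database before rollout shows which accounts would receive Supervisor or Admin rights and which carry a value the device maps to 'no access'.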

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
