HP StorageWorks Enterprise File Services WAN Accelerator 3.0.4 Command-Line Interface reference manual (AG421-96004, March 2007)

4 - CONFIGURATION-MODE COMMANDS
aaa authorization map default-user
Description Sets the local user default mapping for RADIUS or TACACS+ server authentication.
When a user is authenticated (through RADIUS or TACACS+) and does not have a
local account, this command specifies what local account the authenticated user will
be logged in as. If the user name is local, this mapping is ignored. This mapping
depends on the setting of the aaa authorization map order command.
The no command option disables user default mapping.
Syntax [no] aaa authorization map default-user <user_name>
Parameters <user_name> Specifies the user name for RADIUS or TACACS+ authentication: admin
or monitor.
Example
minna (config) # aaa authorization map default-user admin
minna (config) #
aaa authorization map order
Description Sets the order for remote-to-local user mappings for RADIUS or TACACS+ server
authentication.
The no command option disables authentication.
Syntax [no] aaa authorization map order <policy>
Parameters <policy> Specifies the order in which to apply the authentication policy: remote-only,
remote-first, local-only.
Usage The order determines how the remote user mapping behaves. If the authenticated user
name is valid locally, no mapping is performed. The setting has the following
behaviors:
remote-first. If a local-user mapping attribute is returned and it is a valid local
user name, map the authenticated user to the local user specified in the attribute.
If the attribute is not present or not valid locally, use the user name specified by
the default-user command. This is the default behavior.
remote-only. Map a remote authenticated user only if the authentication server
sends a local-user mapping attribute. If the attribute does not specify a valid local
user, no further mapping is attempted.
local-only. All remote users are mapped to the user specified by the aaa
authorization map default-user <user_name> command. Any vendor attributes
received from an authentication server are ignored.
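
The mapping rules described under Usage, modeled in Python as an added example (not HP's code and not part of the manual), with a check for remote users who end up as admin only because of the default-user setting. It assumes the only local accounts are admin and monitor, and returns None where the manual does not say what happens to an unmapped user; the function names and the sample users are hypothetical.

```python
# Added illustration: a model of the mapping rules in this section,
# not the appliance's implementation.
LOCAL_ACCOUNTS = {"admin", "monitor"}  # assumption: the two names listed for <user_name>
POLICIES = ("remote-first", "remote-only", "local-only")

def map_remote_user(name, attr, order="remote-first", default_user=None):
    """Return the local account a remotely authenticated user is logged in as.

    name         -- user name authenticated by RADIUS or TACACS+
    attr         -- local-user mapping attribute from the server, or None
    default_user -- value of 'aaa authorization map default-user', or None
                    when the 'no' form has disabled default mapping
    Returns None when the rules leave the user unmapped.
    """
    if order not in POLICIES:
        raise ValueError("unknown policy: %r" % (order,))
    if name in LOCAL_ACCOUNTS:          # a locally valid name is never mapped
        return name
    if order == "local-only":           # server attributes are ignored
        return default_user
    if attr in LOCAL_ACCOUNTS:          # attribute present and valid locally
        return attr
    if order == "remote-first":         # fall back to the default user
        return default_user
    return None                         # remote-only: no further mapping

def default_admin_logins(users, order, default_user):
    """List users who become 'admin' through the default-user fallback
    rather than through an attribute sent by the authentication server."""
    hits = []
    for name, attr in users:
        if name in LOCAL_ACCOUNTS or (order != "local-only" and attr == "admin"):
            continue                    # not a default-user decision
        if map_remote_user(name, attr, order, default_user) == "admin":
            hits.append(name)
    return hits

# Constructed sample: (authenticated name, mapping attribute returned by server)
SAMPLE_USERS = [("alice", "admin"), ("bob", "monitor"), ("carol", None),
                ("dave", "operator"), ("monitor", None)]

if __name__ == "__main__":
    for order in POLICIES:
        for default in ("admin", "monitor"):
            print(order, default, default_admin_logins(SAMPLE_USERS, order, default))
```

With the setting from the Example above (default-user admin) and the default remote-first order, carol and dave in the sample are logged in as admin although the server never named that account. Choosing monitor as the default user, or the remote-only order, leaves the list empty.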