User Guide

Chapter 6 Configuring authentication 241
Nortel Secure Network Access Switch 4050 User Guide
Configuring advanced settings using the CLI
You can configure the Nortel SNAS 4050 domain to use one method for
authentication and another for authorization.
For example, there are three authentication methods configured for the domain:
Local (auth ID 1), RADIUS (auth ID 2), and LDAP (auth ID 3). The user groups
are stored in an LDAP database. You can configure the domain to have the Local
and LDAP methods used for authorization after users have been authenticated by
RADIUS. In this example, the command is:
/cfg/domain 1/aaa/auth 2/adv/groupauth 1,3
When a user logs on through RADIUS, the system first
checks the RADIUS database. If no match is found, the system checks the other
authentication schemes (in the order in which you listed them in the groupauth
command) to see if the user name can be matched against user groups defined in
the authentication databases. The first group matched is returned to the Nortel
SNAS 4050 as the user’s group, and determines the user’s access privileges for the
session.
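
The lookup order described above, modelled in Python as an added example (not code from the Nortel guide or from the SNAS 4050 itself). The function names, user names, group names and store contents are constructed for illustration; the auth IDs follow the example above. The second function lists users whose group differs between stores, which are the cases where the groupauth order decides the privileges granted.

```python
# Illustrative model only; NOT Nortel SNAS 4050 code. All data is constructed.

def resolve_group(username, primary_id, groupauth_order, stores):
    """Return (auth_id, group) from the first store that maps the user to a group.

    The authenticating (primary) method is consulted first, then each auth ID
    in the groupauth list, in the order given. Returns None if nothing matches.
    """
    for auth_id in [primary_id, *groupauth_order]:
        group = stores.get(auth_id, {}).get(username)
        if group is not None:
            return auth_id, group
    return None


def shadowed_entries(primary_id, groupauth_order, stores):
    """Find users whose group differs across stores, so lookup order matters.

    Returns (user, winning (auth_id, group), [shadowed (auth_id, group), ...]).
    """
    order = [primary_id, *groupauth_order]
    users = sorted({u for a in order for u in stores.get(a, {})})
    findings = []
    for user in users:
        hits = [(a, stores[a][user]) for a in order if user in stores.get(a, {})]
        if len({group for _, group in hits}) > 1:
            findings.append((user, hits[0], hits[1:]))
    return findings


# Constructed sample data keyed by auth ID, as in the example above:
# Local = 1, RADIUS = 2, LDAP = 3. RADIUS authenticates but stores no groups.
STORES = {
    1: {"alice": "admins"},                       # stale Local entry (constructed)
    2: {},
    3: {"alice": "staff", "bob": "contractors"},  # LDAP group data (constructed)
}

if __name__ == "__main__":
    # groupauth 1,3: Local is checked before LDAP, so the Local entry wins.
    print(resolve_group("alice", 2, [1, 3], STORES))
    # groupauth 3,1: LDAP is checked first, so the LDAP group is returned.
    print(resolve_group("alice", 2, [3, 1], STORES))
    for user, winner, shadowed in shadowed_entries(2, [1, 3], STORES):
        print(f"{user}: {winner} shadows {shadowed}")
```
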
/cfg/domain 1/aaa/auth <auth ID>
followed by:

radius|ldap|local
    Accesses a method-specific menu, in order to configure settings for the
    method. The option displayed depends on the method type.
    radius — accesses the RADIUS menu (see “Configuring RADIUS
    authentication using the CLI” on page 242)
    ldap — accesses the LDAP menu (see “Configuring LDAP authentication
    using the CLI” on page 249)
    local — accesses the Local database menu (see “Configuring local
    database authentication using the CLI” on page 261)
adv
    Accesses the Advanced menu, in order to configure the current method to
    retrieve group information from other authentication schemes (see
    “Configuring advanced settings using the CLI” on page 241).
del
    Removes the method from the Nortel SNAS 4050 domain.