Mellanox MLNX-OS® Command Reference Guide for SX1018HP Ethernet Managed Blade Switch

Rev 1.6.2
Mellanox Technologies
aaa authorization
aaa authorization map [default-user <username> | order <policy>]
no aaa authorization map [default-user | order]
Sets the mapping permissions of a user when remote authentication is performed.
The no form of the command resets the attributes to default.
Syntax Description
  username   Specifies what local account the authenticated user will be
             logged on as when a user is authenticated (via RADIUS or
             TACACS+) and does not have a local account. If the username
             is local, this mapping is ignored.
  policy     Sets the user mapping behavior when authenticating users via
             RADIUS or TACACS+ to one of three choices. The order
             determines how the remote user mapping behaves. If the
             authenticated username is valid locally, no mapping is
             performed. The setting has the following three possible
             behaviors:
             remote-first - If a local-user mapping attribute is returned
               and it is a valid local username, it maps the authenticated
               user to the local user specified in the attribute.
               Otherwise, it uses the user specified by the default-user
               command.
             remote-only - Maps a remote authenticated user if the
               authentication server sends a local-user mapping attribute.
               If the attribute does not specify a valid local user, no
               further mapping is tried.
             local-only - Maps all remote users to the user specified by
               the “aaa authorization map default-user <user name>”
               command. Any vendor attributes received by an
               authentication server are ignored.
Default        Default user - admin.
               Map order - remote-first.
Modes/Context  Config
History        3.1.0000
Role           admin
Example
switch (config) # aaa authorization map default-user admin
switch (config) # show aaa
AAA authorization:
Default User: admin
Map Order: remote-first
Authentication method(s):
local
Accounting method(s):
tacacs+
switch (config) #
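
The three map orders described in the Syntax Description, modelled as an added Python example (not MLNX-OS code and not part of this guide) so the resulting local account can be compared per policy. The names monitor, jdoe and ghost are constructed sample values, and returning None for an unmapped user is an assumption, since the guide only states that no further mapping is tried.

```python
from typing import Dict, Optional, Set

POLICIES = ("remote-first", "remote-only", "local-only")


def map_remote_user(auth_user: str, attr: Optional[str], local_accounts: Set[str],
                    order: str = "remote-first",
                    default_user: str = "admin") -> Optional[str]:
    """Return the local account a remotely authenticated user is logged on as.

    attr is the local-user mapping attribute sent by the RADIUS/TACACS+
    server, or None if the server sent none.
    """
    if order not in POLICIES:
        raise ValueError(f"unknown map order: {order}")
    # A username that is valid locally is never mapped, under any order.
    if auth_user in local_accounts:
        return auth_user
    if order == "local-only":
        # Attributes received from the server are ignored entirely.
        return default_user
    if attr is not None and attr in local_accounts:
        return attr
    if order == "remote-only":
        # "No further mapping is tried"; None is this model's marker (assumption).
        return None
    return default_user  # remote-first falls back to the default-user setting


def resolution_table(order: str, default_user: str,
                     local_accounts: Set[str]) -> Dict[str, Optional[str]]:
    """Resolve constructed remote user 'jdoe' under three server replies."""
    scenarios = {
        "no attribute": None,
        "attribute names unknown account": "ghost",    # constructed
        "attribute names valid account": "monitor",    # constructed
    }
    return {name: map_remote_user("jdoe", attr, local_accounts, order, default_user)
            for name, attr in scenarios.items()}


if __name__ == "__main__":
    accounts = {"admin", "monitor"}  # constructed local account list
    for order in POLICIES:
        print(order, resolution_table(order, "admin", accounts))
```

With the defaults listed above (default user admin, map order remote-first), a remotely authenticated user whose server reply carries no valid mapping attribute is logged on as admin.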