Owners manual

2. Web Conﬁguration Interface

Access Rights Permission String – In order for access rights to be assigned in User or Group authentication mode, a permission string

must be entered into the directory attribute that is assigned to each User or Group. The name of this attribute must be entered into the

Access Rights Attribute ﬁeld in the Mode section of the Authentication page. See below for an explanation of how the permission string

needs to be formatted.

Access Category – An Access Category is an entry in the permission string that refers to a particular access right to the KVM switch. The

available Access Categories are listed below.

Note:

1. Access Categories are case sensitive.

2. Access rights must be assigned for each Access Category, regardless of whether User or Admin is assigned as the kvmrole.

• kvmdevice – ReferstotheDeviceNameofaNetCommanderIPMulti-UserKVMswitch.TheDeviceNameofaKVMcanbefound

in the Device tab of the Conﬁgurationsectionofthewebcongurationinterface(SeetheDevicesectioninthismanualfordetails).If

kvmdevice is not referenced in the permission string, then access will be allowed to all KVM switches.

• kvmrole – Refers to the type of account, and can be either Admin or User (SeetheUsers section of this manual for details on these

accounttypes).

• kvmports – Refers to the list of ports that an account is allowed to access. Ports are separated in the permission string by a comma.

Anasterisk(*)canbeusedtoindicateaccesstoallports.

• vm_ports – Refers to the list of virtual media ports that an account is allowed to access. Ports are separated in the permission string by

acomma.Anasterisk(*)canbeusedtoindicateaccesstoallports.

• kvmtelports – Refers to the list of serial ports that an account is allowed to access. Ports are separated in the permission string by a

comma.Anasterisk(*)canbeusedtoindicateaccesstoallports.

Sample Permission String

kvmdevice:D1144567,kvmrole:user,kvmports:1,2,5,vm_ports:1,2,kvmtelports:*

The permission string above assigns a User or GroupwithaccesstotheKVMwithDeviceNameD1144567.TheaccountisgivenUser

permissions and has access to ports 1, 2, and 5 on the KVM, can access virtual media on ports 1 and 2, and can access all serial ports.

RADIUS Authentication Settings – Once enabled in the Enabled Authentications Methods section, RADIUS authentication is set up using

the ﬁelds in the Authentication Sources section. To setup RADIUS authentication, make sure that the RADIUS tab in the Authentication

Sources section is selected, and then follow the instructions below. Note: For RADIUS Authentication to work properly, a Tripp Lite dictionary

must be installed on the RADIUS server. The dictionary should be present in the latest dictionaries supplied by FreeRADIUS, or can be

manually downloaded at www.tripplite.com/support.

Servers – At the bottom of the page, the Servers section allows you to add RADIUS servers to the KVM. As with the authentication methods

in the Enabled Authentication Methods section at the top of the page, RADIUS servers can be listed according to priority. The ﬁrst server

in the list will be the ﬁrst one accessed by the KVM during authentication, followed by the second server, etc. To avoid performance issues

during the authentication process, it is recommended that you add no more than three RADIUS servers.

•ToaddaRADIUSservertothelist,clickontheAdd button to bring up the Add RADIUS Server screen.

•EntertheIPv4, IPv6, or Host address for your RADIUS server in the corresponding ﬁeld.

Note: The Host name should only be used for IPv4 RADIUS servers. For IPv6 RADIUS servers, the IPv6 address should be used instead of

a Host name.

•SelecttheauthenticationPort number and Accounting Port number to be assigned to the server. The default authentication port number is

1812, and the default accounting port number is 1813.

14-03-051 93-32D5.indd 33 3/14/2014 9:52:33 AM