Owners manual

2. Web Conﬁguration Interface

Access Rights Permission String – In order for access rights to be assigned in User or Group authentication mode, a permission string

must be entered into the directory attribute that is assigned to each User or Group. The name of this attribute must be entered into the

Access Rights Attribute ﬁeld in the Mode section of the Authentication page. See below for an explanation of how the permission string

needs to be formatted.

Access Category – An Access Category is an entry in the permission string that refers to a particular access right to the KVM switch. The

available Access Categories are listed below.

Note:

1. Access Categories are case sensitive.

2. Access rights must be assigned for each Access Category, regardless of whether User or Admin is assigned as the kvmrole.

• kvmdevice – ReferstotheDeviceNameofaNetCommanderIPMulti-UserKVMswitch.TheDeviceNameofaKVMcanbefound

in the Device tab of the Conﬁguration section of the web conﬁguration interface (See the Device section in this manual for details). If

kvmdevice is not referenced in the permission string, then access will be allowed to all KVM switches.

• kvmrole –Referstothetypeofaccount,andcanbeeitherAdmin or User (See the Users section of this manual for details on these

account types).

• kvmports –Referstothelistofportsthatanaccountisallowedtoaccess.Portsareseparatedinthepermissionstringbyacomma.

An asterisk (*) can be used to indicate access to all ports.

• vm_ports –Referstothelistofvirtualmediaportsthatanaccountisallowedtoaccess.Portsareseparatedinthepermissionstringby

a comma. An asterisk (*) can be used to indicate access to all ports.

• kvmtelports –Referstothelistofserialportsthatanaccountisallowedtoaccess.Portsareseparatedinthepermissionstringbya

comma. An asterisk (*) can be used to indicate access to all ports.

Sample Permission String

kvmdevice:D1144567,kvmrole:user,kvmports:1,2,5,vm_ports:1,2,kvmtelports:*

The permission string above assigns a User or GroupwithaccesstotheKVMwithDeviceNameD1144567.TheaccountisgivenUser

permissionsandhasaccesstoports1,2,and5ontheKVM,canaccessvirtualmediaonports1and2,andcanaccessallserialports.

RADIUS Authentication Settings – Once enabled in the Enabled Authentications Methodssection,RADIUSauthenticationissetupusing

the ﬁelds in the Authentication Sourcessection.TosetupRADIUSauthentication,makesurethattheRADIUS tab in the Authentication

Sources section is selected, and then follow the instructions below. Note: For RADIUS Authentication to work properly, a Tripp Lite dictionary

must be installed on the RADIUS server. The dictionary should be present in the latest dictionaries supplied by FreeRADIUS, or can be

manually downloaded at www.tripplite.com/support.

Servers – At the bottom of the page, the ServerssectionallowsyoutoaddRADIUSserverstotheKVM.Aswiththeauthenticationmethods

in the Enabled Authentication Methodssectionatthetopofthepage,RADIUSserverscanbelistedaccordingtopriority.Therstserver

in the list will be the ﬁrst one accessed by the KVM during authentication, followed by the second server, etc. To avoid performance issues

duringtheauthenticationprocess,itisrecommendedthatyouaddnomorethanthreeRADIUSservers.

•ToaddaRADIUSservertothelist,clickontheAdd button to bring up the Add RADIUS Server screen.

•EntertheIPv4, IPv6, or Host addressforyourRADIUSserverinthecorrespondingeld.

Note: The Host name should only be used for IPv4 RADIUS servers. For IPv6 RADIUS servers, the IPv6 address should be used instead of

a Host name.

•SelecttheauthenticationPort number and Accounting Port number to be assigned to the server. The default authentication port number is

1812,andthedefaultaccountingportnumberis1813.

14-03-053 93-3261.indd 30 3/14/2014 1:38:06 PM