User profiles associate information with a user name for authentication and
authorization. This information is defined by attribute-value pairs. The
server configuration must include profiles for all the users that
can access services through the AAA server. If a user profile is
not included in the configuration, the server will reject the user's
access request.
Profiles may be stored in flat text files or an external source.
The Users screen allows you to add a new user, modify an existing
user, or delete an existing user from a text file. This screen is
accessed by selecting the Users link from the graphic interface's
Navigation Tree.
When adding a new user profile to the server configuration
or modifying an existing entry, you supply values for the user profile
attributes through a form's fields. This form is tabbed
according to groups of attribute-value pairs. Initially, the General
tab is active.
- User Name:
Value to compare to the User-Name
attribute value in the request. It must be less than 64 characters. The
characters &, ", ~, \, /, %, $, ', and space may not
be used.
The remaining fields and tabs in the Define Users screen allow
you to specify three types of user profile attributes: configuration
items, check items, and reply items.
- Configuration Items:
These items indicate various
AAA server-specific attributes that the server can use to perform authentication
or authorization functions. A user profile must include either the
Password attribute or the Authentication-Type and Server-Name attributes (Server-Name
is only required for some authentication types and should be listed
as a check item under the Free tab). Additional items are optional.
- Check Items:
An optional list of zero
or more attribute-value pairs, delimited by white space. These items
indicate various attribute values that the server will compare to
the corresponding attribute values in the Access-Request.
- Reply Items:
Reply items generally get
returned to configure the client for the user's session.
They include information like PPP configuration values, the name
of the host that the user wishes to connect to, or an optional packet
filter name.
Each of the fields on the first four tabs (General, NAS/Login,
Framed, and Others) corresponds to an attribute that can be used
in a user profile as a check or reply item. When specifying attribute
values through these tabs, all A-V pairs that may ordinarily be
used as either a check or a reply item in a server configuration
are automatically added as reply items, unless the Free tab is
used. An attribute that the server should compare against the
Access-Request must therefore be entered as a check item on the Free tab.
There are many more attributes, including vendor-specific
attributes, that can be added to a user profile. The Free tab allows
you to enter any of these attributes in the Check and Reply list
boxes.
To add attributes to the list boxes, follow the Attribute
= Value syntax. A-V pairs may be listed one per line. When adding
a new user profile, you select the Create button to submit it to
the AAA Server Manager. When modifying an existing profile, you
select the Modify button to submit changes to the user profile.
In either case, if each field contains a valid value, the profile
will be created or modified; otherwise, an error message is displayed.
You can always select the Cancel button and return to the Users
screen without making any changes to your server configuration.
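
The User Name rule and the Attribute = Value syntax described above can be checked before a profile is submitted, for example when preparing many profiles for review. The following Python sketch is an added example, not code from the AAA server or its documentation; the function names, the split-on-first-`=` parsing and the sample attribute lines are assumptions made for illustration.

```python
# Added example: pre-check of a user profile using only the rules on this page.
# Function and constant names are hypothetical, not part of the AAA server.
FORBIDDEN = set('&"~\\/%$\' ')  # characters the page says may not be used
MAX_LEN = 64                     # User Name must be less than 64 characters

# Constructed sample of Free-tab reply items; the last line is malformed.
SAMPLE_REPLY_ITEMS = """Framed-Protocol = PPP
Filter-Id = std.ppp.in

Session-Timeout 3600
"""


def check_user_name(name):
    """Return a list of problems with a User Name (empty list = acceptable)."""
    problems = []
    if len(name) >= MAX_LEN:
        problems.append("length %d is not less than %d" % (len(name), MAX_LEN))
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: %r" % bad)
    return problems


def parse_av_pairs(text):
    """Parse 'Attribute = Value' lines, one pair per line.

    Assumption: split on the first '=', skip blank lines. Returns (pairs, errors).
    """
    pairs, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        attr, sep, value = line.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            errors.append("line %d: expected 'Attribute = Value'" % lineno)
            continue
        pairs.append((attr, value))
    return pairs, errors


def has_auth_item(config_items):
    """True if the profile has Password or Authentication-Type. Server-Name is
    not checked: the page does not say which authentication types need it."""
    names = {attr for attr, _ in config_items}
    return "Password" in names or "Authentication-Type" in names
```

Running `parse_av_pairs(SAMPLE_REPLY_ITEMS)` returns the two well-formed pairs and one error for the line that lacks an `=` sign.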