Managing system users and groups. Nortel Networks Nortel Secure Network Access Switch 4050
Chapter 8
Managing system users and groups
This chapter includes the following topics:
Topic
User rights and group membership
Managing system users and groups using the CLI
Roadmap of system user management commands
Managing user accounts and passwords using the CLI
Managing user settings using the CLI
Managing user groups using the CLI
Managing system users and groups using the SREM
Managing user accounts using the SREM
Setting password expiry using the SREM
Changing your password using the SREM
Changing another user’s password using the SREM
Setting the certificate export passphrase using the SREM
Managing user groups using the SREM
Nortel Secure Network Access Switch 4050 User Guide
354 Chapter 8 Managing system users and groups
User rights and group membership
There are three groups of system users who routinely access the system for configuration and management:
• admin (administrator)
• certadmin (certificate administrator)
• oper (operator)
Note: There are two additional types of users with specialized functions: boot and root. For more information, see “Accessing the Nortel SNAS 4050 cluster” on page 775.
Group membership dictates user rights, as shown in Table 68 on page 354. When a user is a member of more than one group, user rights accumulate. The admin user, who by default is a member of all three groups, therefore has the same user rights as granted to members of the certadmin and oper groups, in addition to the specific user rights granted by the admin group membership. The most permissive user rights become the effective user rights when a user is a member of more than one group. For more information about default user groups and related access levels, see “Accessing the Nortel SNAS 4050 cluster” on page 775.
Table 68 Group membership and user rights
Group | User account | Group rights: Add user | Group rights: Delete user | System rights: Add user | System rights: Delete user | Password rights: Change own | Password rights: Change others
admin | admin | Yes, to own group | Yes | Yes | Yes | Yes | Yes, if Admin is a member of the other user’s first group
certadmin | admin | Yes, to own group | No | No | No | Yes | No
oper | oper, admin | Yes, to own group | No | No | No | Yes | No
320818-A
Managing system users and groups using the CLI
To manage system users and groups, access the User menu by using the following command:
/cfg/sys/user
From the User menu, you can configure and manage the following:
• add new users (for a detailed example, see “Adding a new user” on page 360)
• reassign users (for a detailed example, see “Changing a user’s group assignment” on page 365)
• change passwords (for a detailed example, see “Changing passwords” on page 366)
• delete users (for a detailed example, see “Deleting a user” on page 369)
For detailed information about the CLI commands, see “CLI configuration examples” on page 360.
Roadmap of system user management commands
The following roadmap lists all the CLI commands to configure and manage system users for the Nortel SNAS 4050 cluster. Use this list as a quick reference or click on any entry for more information:
Command, followed by its parameters:
/cfg/sys/user
    password <old password> <new password> <confirm new password>
    expire <time>
    list
/cfg/sys/user/edit <username>
    password <own password> <user password> <confirm user password>
    cur
/cfg/sys/user/edit <username>/groups
    list
    del <group index>
    add admin|oper|certadmin
Managing user accounts and passwords using the CLI
To change the password for the currently logged on user and to add or delete user accounts, access the User menu by using the following command:
/cfg/sys/user
The User menu displays.
The User menu includes the following options:
/cfg/sys/user followed by:
password <old password> <new password> <confirm new password>
    Allows you to change your own password. Passwords can contain spaces and are case sensitive. The change takes effect as soon as you execute the command.
expire <time>
    Sets an expiration time for system user passwords. The time applies to all system users. The counter starts from when the password was last set. The first time the system user logs on after the specified time has expired, the user is prompted for a new password.
    • time is the length of time in days (d), hours (h), minutes (m), or seconds (s or unspecified). The default unit is seconds. The default expiration time is 0 seconds (no expiry).
    If the time you specify combines time units, the format is DDdHHhMMmSS. For example, to make all passwords expire in 30 days, 2 hours, and 45 minutes, enter 30d2h45m.
list
    Lists all user accounts. The three built-in users (admin, oper, and root) are always listed.
/cfg/sys/user followed by:
del <username>
    Removes the specified user account from the system.
    Of the three built-in users (admin, oper, and root), only the oper user can be deleted.
    You must have administrator rights in order to delete user accounts.
    Note: When you delete a user, the user’s group assignment is also deleted. If you are deleting a user who is the sole member of a group, none of the remaining users on the system can then be added to that group. Existing users can only be added to a group by a user who is already a member of that group.
    Before deleting a user, verify that the user is not the sole member of a group.
add <username>
    Adds a user account to the system. The maximum length of the user name is 255 characters. No spaces are allowed.
    After adding a user account, you must also assign the user account to a group (see “Managing user groups using the CLI” on page 359).
    You must have administrator rights in order to add user accounts.
/cfg/sys/user followed by:
edit <username>
    Accesses the User <username> menu, in order to change user settings (see “Managing user settings using the CLI” on page 358).
    You must have administrator rights in order to change a user’s settings. You must also be a member of the first group listed for the other user.
caphrase
    Sets the certificate administrator’s passphrase for encrypted private keys in a configuration backup, if the certificate administrator role has been separated from the administrator role.
    If the admin user is a member of the certadmin group (the default setting), the admin user is prompted for an export passphrase to protect the private keys in the configuration dump each time the /cfg/ptcfg command is used.
    Set a certificate administrator export passphrase only if the admin user has removed himself or herself from the certadmin group and added a certificate administrator user with certadmin group rights. When a configuration backup is performed using the /cfg/ptcfg command, the certadmin export passphrase is automatically used (without prompting the user) to protect the encrypted private keys. When the /cfg/gtcfg command is used to restore a configuration backup from a file exchange server, the user is prompted for the correct certadmin passphrase, as defined using the caphrase command.
    Note: The caphrase menu command is displayed only when the logged on user is a member of the certadmin group.
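The expire <time> format described above (DDdHHhMMmSS, default unit seconds, 0 for no expiry) can be checked offline when reviewing a configuration. The following is an added example, not code from the Nortel manual or the device; the function names and the 90-day maximum are assumptions chosen for illustration.

```python
import re

# Order and unit letters follow the DDdHHhMMmSS format given for the
# expire <time> option. A bare trailing number is seconds (the default unit).
_EXPIRE_RE = re.compile(r"(?:(\d+)d)?(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s?)?")


def parse_expire(value):
    """Convert an expire <time> value to seconds. 0 means no expiry."""
    text = value.strip()
    match = _EXPIRE_RE.fullmatch(text)
    if not text or match is None:
        # Assumption: units out of order (for example "2h30d") are rejected.
        raise ValueError(f"not a valid expire time: {value!r}")
    days, hours, minutes, seconds = (int(g) if g else 0 for g in match.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def review_expire(value, max_days):
    """Compare a configured expire value with a site maximum.

    max_days is a hypothetical local policy, not a device setting.
    """
    seconds = parse_expire(value)
    if seconds == 0:
        return "FAIL: passwords never expire"
    if seconds > max_days * 86400:
        return f"FAIL: {seconds} s exceeds the {max_days}-day maximum"
    return f"OK: passwords expire after {seconds} s"


if __name__ == "__main__":
    # Constructed sample values, including the manual's own 30d2h45m example.
    for sample in ("30d2h45m", "0", "120d", "45m30"):
        print(sample, "->", review_expire(sample, max_days=90))
```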
Managing user settings using the CLI
You must have administrator rights in order to change a user’s settings. You must also be a member of the other user’s first group (the first group listed for the other user when you use the /cfg/sys/user/edit <username>/groups/list command).
To set or change the login password for a specified user and to view and manage group assignments, access the User <username> menu by using the following command:
/cfg/sys/user/edit <username>
The User <username> menu displays.
The User <username> menu includes the following options:
/cfg/sys/user/edit <username> followed by:
password <own password> <user password> <confirm user password>
    Sets the login password for the specified user.
    Passwords can contain spaces and are case sensitive.
groups
    Accesses the Groups menu, in order to manage user group assignments (see “Managing user groups using the CLI” on page 359).
cur
    Displays the current group settings for the specified user.
Managing user groups using the CLI
All users must belong to at least one group. Only an administrator user can add a new user account to the system, but any user can grant an existing user membership in a group to which the granting user belongs.
By default, the administrator user is a member of all three built-in groups (admin, oper, certadmin) and can therefore add a new user to any of these groups.
However, a certificate administrator, who is a member of the certadmin group only, can add an existing user to the certadmin group only.
If a user belongs to only one group and you want to change the user’s group membership, add the user to the new group first, and then remove the user from the old one.
To set or change a user’s group assignment, access the Groups menu by using the following command:
/cfg/sys/user/edit <username>/groups
The Groups menu displays.
The Groups menu includes the following options:
/cfg/sys/user/edit <username>/groups followed by:
list
    Lists all groups to which the user is currently assigned, by group index number.
del <group index>
    Removes the user from the specified group.
    • group index is an integer indicating the group index number
    You must have administrator rights in order to remove other users from groups.
add admin|oper|certadmin
    Assigns the user to one of the built-in groups (admin, oper, certadmin).
CLI configuration examples
This section includes the following detailed examples:
• “Adding a new user” on page 360
• “Changing a user’s group assignment” on page 365
• “Changing passwords” on page 366
• “Changing your own password” on page 366
• “Changing another user’s password” on page 367
• “Deleting a user” on page 369
Adding a new user
To add a new user to the system, you must be a member of the admin group. By default, only the admin user is a member of the admin group.
In this configuration example, a certificate administrator user is added to the system, and then assigned to the certadmin group. The certificate administrator specializes in managing certificates and private keys, without the possibility to change system parameters or configure virtual SSL servers. A user who is a member of the certadmin group can therefore access the Certificate menu (/cfg/cert), but not the SSL Server 1001 menu (/cfg/domain #/server/ssl). On the System menu (/cfg/sys), the certadmin user has access only to the User submenu (/cfg/sys/user).
1 Log on to the Nortel SNAS 4050 cluster as the admin user.
login: admin
Password: (admin user password)
2 Access the User Menu.
>> Main# /cfg/sys/user
------------------------------------------------------------
[User Menu]
passwd - Change own password
list - List all users
del - Delete a user
add - Add a new user
edit - Edit a user
caphrase - Certadmin export passphrase
>> User#
3 Add the new user and designate a user name.
The maximum length for a user name is 255 characters. No spaces are allowed. Each time the new user logs in to the Nortel SNAS 4050 cluster, the user must enter the name you designate as the user name in this step.
>> User# add
Name of user to add: cert_admin (maximum 255 characters, no spaces)
4 Assign the new user to a user group.
You can only assign a user to a group in which you yourself are a member.
When this criterion is met, users can be assigned to one or more of the following three groups:
— oper
— admin
— certadmin
By default, the admin user is a member of all groups above, and can therefore assign a new or existing user to any of these groups. The group assignment of a user dictates the user rights and access levels to the system.
>> User# edit cert_admin
>> User cert_admin# groups/add
Enter group name: certadmin
5 Verify and apply the group assignment.
When you enter the list command, the current and pending group assignment of the user being edited is listed by index number and group name.
Because the cert_admin user is a new user, the current group assignment listed by Old: is empty.
>> Groups# list
Old:
Pending:
1: certadmin
>> Groups# apply
Changes applied successfully.
6 Define a login password for the user.
When the user logs in to the Nortel SNAS 4050 cluster the first time, the user will be prompted for the password you define in this step. When successfully logged on, the user can change his or her own password. The login password is case sensitive and can contain spaces.
>> Groups# /cfg/sys/user
>> User# edit cert_admin
>> User cert_admin# password
Enter admin's current password: (admin user password)
Enter new password for cert_admin: (cert_admin user password)
Re-enter to confirm: (reconfirm cert_admin user password)
7 Apply the changes.
>> User cert_admin# apply
Changes applied successfully.
8 Let the Certificate Administrator user define an export passphrase.
This step is only necessary if you want to fully separate the Certificate Administrator user role from the Administrator user role. If the admin user is removed from the certadmin group (as in Step 9), a Certificate Administrator export passphrase (caphrase) must be defined.
As long as the admin user is a member of the certadmin group (the default configuration), the admin user is prompted for an export passphrase each time a configuration backup that contains private keys is sent to a TFTP/FTP/SCP/SFTP server (command: /cfg/ptcfg). When the admin user is not a member of the certadmin group, the export passphrase defined by the Certificate Administrator is used instead to encrypt private keys in the configuration backup. The encryption of private keys using the export passphrase defined by the Certificate Administrator is performed transparently to the user, without prompting. When the configuration backup is restored, the Certificate Administrator must enter the correct export passphrase.
Note: If the export passphrase defined by the Certificate Administrator is lost, configuration backups made by the admin user while he or she was not a member of the certadmin group cannot be restored.
The export passphrase defined by the Certificate Administrator remains the same until changed by using the /cfg/sys/user/caphrase command. For users who are not members of the certadmin group, the caphrase command in the User menu is hidden. Only users who are members of the certadmin group should know the export passphrase. The export passphrase can contain spaces and is case sensitive.
>> User cert_admin# ../caphrase
Enter new passphrase:
Re-enter to confirm:
Passphrase changed.
9 Remove the admin user from the certadmin group.
Again, this step is only necessary if you want to fully separate the Certificate Administrator user role from the Administrator user role. Note, however, that once the admin user is removed from the certadmin group, only a user who is already a member of the certadmin group can grant the admin user certadmin group membership anew.
When the admin user is removed from the certadmin group, only the Certificate Administrator user can access the Certificate menu (/cfg/cert).
>> User# edit admin
>> User admin# groups/list
1: admin
2: oper
3: certadmin
>> Groups# del 3
Note: It is critical that a Certificate Administrator user is created and assigned certadmin group membership before the admin user is removed from the certadmin group. Otherwise there is no way to assign certadmin group membership to a new user, or to restore certadmin group membership to the admin user, should it become necessary.
10 Verify and apply the changes.
>> Groups# list
Old:
1: admin
2: oper
3: certadmin
Pending:
1: admin
2: oper
>> Groups# apply
Changing a user’s group assignment
Only users who are members of the admin group can remove other users from a group. All users can add an existing user to a group, but only to a group in which the “granting” user is already a member. The admin user, who by default is a member of all three groups (admin, oper, and certadmin) can therefore add users to any of these groups.
1 Log on to the Nortel SNAS 4050 cluster.
In this example the cert_admin user, who is a member of the certadmin group, will add the admin user to the certadmin group. The example assumes that the admin user previously removed himself or herself from the certadmin group, in order to fully separate the Administrator user role from the Certificate Administrator user role.
login: cert_admin
Password: (cert_admin user password)
2 Access the User Menu.
>> Main# /cfg/sys/user
------------------------------------------------------------
[User Menu]
passwd - Change own password
list - List all users
del - Delete a user
add - Add a new user
edit - Edit a user
caphrase - Certadmin export passphrase
>> User#
3 Assign the admin user certadmin user rights by adding the admin user to the certadmin group.
>> User# edit admin
>> User admin# groups/add
Enter group name: certadmin
Note: A user must be assigned to at least one group at any given time. If you want to replace a user’s single group assignment, you must therefore always first add the user to the desired new group, then remove the user from the old group.
4 Verify and apply the changes.
>> Groups# list
Old:
1: admin
2: oper
Pending:
1: admin
2: oper
3: certadmin
>> Groups# apply
Changing passwords
Changing your own password
All users can change their own password. Login passwords are case sensitive and can contain spaces.
1 Log on to the Nortel SNAS 4050 cluster by entering your user name and current password.
login: cert_admin
Password: (cert_admin user password)
2 Access the User Menu.
>> Main# /cfg/sys/user
------------------------------------------------------------
[User Menu]
passwd - Change own password
list - List all users
del - Delete a user
add - Add a new user
edit - Edit a user
caphrase - Certadmin export passphrase
>> User#
3 Type the passwd command to change your current password.
When your own password is changed, the change takes effect immediately without having to use the apply command.
>> User# passwd
Enter cert_admin's current password: (current cert_admin user password)
Enter new password: (new cert_admin user password)
Re-enter to confirm: (reconfirm new cert_admin user password)
Password changed.
Changing another user’s password
Only the admin user can change another user’s password, and then only if the admin user is a member of the other user’s first group (the group that is listed first for the user with the /cfg/sys/user/edit <username>/groups/list command). Login passwords are case sensitive and can contain spaces.
1 Log on to the Nortel SNAS 4050 cluster as the admin user.
login: admin
Password: (admin user password)
2 Access the User Menu.
>> Main# /cfg/sys/user
------------------------------------------------------------
[User Menu]
passwd - Change own password
list - List all users
del - Delete a user
add - Add a new user
edit - Edit a user
caphrase - Certadmin export passphrase
>> User#
3 Specify the user name of the user whose password you want to change.
>> User# edit
Name of user to edit: cert_admin
4 Type the password command to initialize the password change.
>> User cert_admin# password
Enter admin's current password: (admin user password)
Enter new password for cert_admin: (new password for user being edited)
Re-enter to confirm: (confirm new password for user being edited)
5 Apply the changes.
>> User cert_admin# apply
Changes applied successfully.
Deleting a user
To delete a user from the system, you must be a member of the admin group. By default, only the admin user is a member of the admin group.
Note: Remember that when a user is deleted, that user’s group assignment is also deleted. If you are deleting a user who is the sole member of a group, none of the remaining users on the system can then be added to that group. Existing users can only be added to a group by a user who is already a member of that group. Before deleting a user, you may therefore want to verify that the user is not the sole member of a group.
1 Log on to the Nortel SNAS 4050 cluster as the admin user.
login: admin
Password: (admin user password)
2 Access the User Menu.
>> Main# /cfg/sys/user
------------------------------------------------------------
[User Menu]
passwd - Change own password
list - List all users
del - Delete a user
add - Add a new user
edit - Edit a user
>> User#
3 Specify the user name of the user you want to remove from the system configuration.
In this example, the cert_admin user is removed from the system. To list all users currently added to the system configuration, use the list command.
>> User# del cert_admin
4 Verify and apply the changes.
The imminent removal of the cert_admin user is indicated as a pending configuration change by the minus sign (-). To cancel a configuration change that has not yet been applied, use the revert command.
>> User# list
root
admin
oper
-cert_admin
>> User# apply
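The group rules in this chapter (grant only into your own groups, admin rights to remove others, password changes limited by the target's first group, and the sole-member warning) can be checked against a planned change before you type apply. The following is an added example, not code from the Nortel manual or the device; the function names are assumptions, and the user table is constructed from the cert_admin example above.

```python
ADMIN_GROUP = "admin"
# Built-in users the manual says cannot be deleted (only oper can be).
UNDELETABLE = {"admin", "root"}

# Constructed sample: user -> groups in the order groups/list shows them.
# cert_admin is the example user created in "Adding a new user".
SAMPLE_USERS = {
    "admin": ["admin", "oper", "certadmin"],
    "oper": ["oper"],
    "cert_admin": ["certadmin"],
}


def members(users, group):
    """Users currently assigned to a group."""
    return sorted(u for u, groups in users.items() if group in groups)


def can_grant(users, actor, group):
    """Any user can add an existing user to a group the actor belongs to."""
    return group in users.get(actor, [])


def can_change_password(users, actor, target):
    """Own password: always. Another user's: admin rights plus membership
    in the first group listed for the target."""
    if actor == target:
        return True
    actor_groups = users.get(actor, [])
    target_groups = users.get(target, [])
    return (bool(target_groups) and ADMIN_GROUP in actor_groups
            and target_groups[0] in actor_groups)


def check_group_removal(users, actor, target, group):
    """Problems with a planned groups/del for target, found before apply."""
    problems = []
    # The manual requires admin rights to remove *other* users; it does not
    # state a rule for removing yourself, so that case is not flagged here.
    if actor != target and ADMIN_GROUP not in users.get(actor, []):
        problems.append(f"{actor} lacks admin rights to remove other users")
    if group not in users.get(target, []):
        return problems + [f"{target} is not a member of {group}"]
    if users[target] == [group]:
        problems.append(f"{target} would belong to no group; add the new group first")
    if members(users, group) == [target]:
        problems.append(f"{group} would have no members; nobody could grant it again")
    return problems


def check_user_delete(users, actor, victim):
    """Problems with a planned del <username>, found before apply."""
    problems = []
    if ADMIN_GROUP not in users.get(actor, []):
        problems.append(f"{actor} lacks admin rights to delete users")
    if victim in UNDELETABLE:
        problems.append(f"built-in user {victim} cannot be deleted")
    for group in users.get(victim, []):
        if members(users, group) == [victim]:
            problems.append(f"{group} would have no members; nobody could grant it again")
    return problems


def remove_from_group(users, target, group):
    """Return a copy of the assignments with one membership removed."""
    updated = {u: list(groups) for u, groups in users.items()}
    updated[target].remove(group)
    return updated


if __name__ == "__main__":
    # Step 9 of "Adding a new user": admin leaves certadmin.
    print(check_group_removal(SAMPLE_USERS, "admin", "admin", "certadmin"))
    separated = remove_from_group(SAMPLE_USERS, "admin", "certadmin")
    # After role separation, deleting cert_admin would strand the group.
    print(check_user_delete(separated, "admin", "cert_admin"))
    print(can_change_password(separated, "admin", "cert_admin"))
```

Run against the separated table, the model also shows a side effect the procedure does not spell out: once admin leaves certadmin, admin is no longer in cert_admin's first group and so can no longer reset that user's password.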
Managing system users and groups using the SREM
To manage users, choose from one of the following tasks:
• “Managing user accounts using the SREM” on page 370
• “Setting password expiry using the SREM” on page 374
• “Changing your password using the SREM” on page 376
• “Changing another user’s password using the SREM” on page 377
• “Setting the certificate export passphrase using the SREM” on page 379
• “Managing user groups using the SREM” on page 381
Managing user accounts using the SREM
To manage user accounts, select the System > Manage Users > User Table tab.
The User Table appears (see Figure 96), displaying a list of user accounts that have been added to the Nortel SNAS 4050.
Figure 96 User Table
Only the admin user can add users to the system. After adding a user, you must assign the user to a group (see “Managing user groups using the SREM” on page 381).
Only the admin user can delete users from the system. Of the three built-in users (admin, oper, and root), only the oper user can be deleted.
Note: When you delete a user, the user’s group assignment is also deleted. If you are deleting a user who is the sole member of a group, none of the remaining users on the system can then be added to that group. Existing users can only be added to a group by a user who is already a member of that group. Before deleting a user, verify that the user is not the sole member of a group.
To manage Nortel SNAS 4050 users, select from the following tasks:
• “Adding a new user” on page 360
• “Removing existing user accounts” on page 373
Adding new user accounts
To add additional user accounts, perform the following steps:
1 Select the System > Manage Users > User Table tab.
The User Table appears (see Figure 96).
2 Click Add.
The Add a User dialog box appears (see Figure 97 ).
Figure 97 Add a User
3 Enter the user information in the applicable fields. Table 69 describes the Add a User fields.
Table 69 Add a User fields
Field | Description
Name | The user name for the new user. The maximum length of the user name is 255 characters. No spaces are allowed.
4 Click Apply.
The new user entry appears in the User Table.
5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Removing existing user accounts
To remove an existing user, perform the following steps:
1 Select the System > Manage Users > User Table tab.
The User Table appears (see Figure 96 on page 371 ).
2 Select a user entry to remove from the User Table.
3 Click Delete.
A dialog box appears to confirm the deletion of this user account.
4 Click Yes.
The entry is immediately removed from the User Table.
5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Setting password expiry using the SREM
To set a password expiry date for all passwords in the system, perform the following steps:
1 Select the System > Manage Users > Password Setting tab.
The Password Setting screen appears (see Figure 98).
Figure 98 Password Setting
2 Enter the Password Setting information in the applicable fields. Table 70 describes the Password Settings fields.
Table 70 Password Settings fields
Field | Description
Password Expiration Interval | Sets the password expiration interval, in days (d). A value of 0 indicates that the password never expires.
3 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Changing your password using the SREM
Only the admin user can change the passwords of other users. Logged on users can change their own passwords.
To change the password for the logged on user, perform the following steps:
1 Select the System > Manage Users > Change Your Password tab.
The Change Your Password screen appears (see Figure 99).
Figure 99 Change Your Password
2 Enter the password information in the applicable fields. Table 71 describes the Change Your Password fields.
Table 71 Change Your Password fields
Field | Description
Current Password | The current password.
Enter New Password | Sets the new password. The password must be at least four characters and can contain spaces. The password is case sensitive.
Re-enter New Password | Confirms the new password.
3 Click Change Password.
A dialog box appears for confirmation.
4 Click Yes.
5 Click Apply to send the changes to the device. To make the changes permanent, click Commit.
Changing another user’s password using the SREM
Only the admin user can change the passwords of other users.
To change the password for another user, perform the following steps:
1 Select the System > Manage Users > user > Change User Password tab.
The Change User Password screen appears (see Figure 100).
Figure 100 Change User Password
2 Enter the password information in the applicable fields. Table 71 describes the Change User Password fields.
Table 72 Change User Password fields
Field | Description
Current Administrator Password | The current password of the admin user performing the change.
Enter New Password | Sets the new password. The password must be at least four characters and can contain spaces. The password is case sensitive.
Re-enter New Password | Confirms the new password.
3 Click Change Password.
A dialog box appears for confirmation.
4 Click Yes.
5 Click Apply to send the changes to the device. To make the changes permanent, click Commit.
Setting the certificate export passphrase using the SREM
You can set a certificate administrator’s passphrase for encrypted private keys in a configuration backup, if the certificate administrator role has been separated from the administrator role.
If the admin user is a member of the certadmin group (the default setting), the admin user must provide an export passphrase to protect the private keys in the configuration dump each time the configuration is backed up to an external file server.
Set a certificate administrator export passphrase only if the admin user has removed himself or herself from the certadmin group and added a certificate administrator user with certadmin group rights. When a configuration backup is performed, the certificate export passphrase is automatically used to protect the encrypted private keys. When the configuration is restored from the file exchange server, the user is prompted for the correct certificate export passphrase.
To set a certificate export pass phrase, perform the following steps:
1 Select the System > Manage Users > Set Certificate Export PassPhrase tab.
The Set Certificate Export PassPhrase screen appears (see Figure 101).
Figure 101 Set Certificate Export PassPhrase
2 Enter the PassPhrase information in the applicable fields. Table 73 describes the Set Certificate Export PassPhrase fields.
Table 73 Set Certificate Export PassPhrase fields
Field | Description
Enter New Pass Phrase | Sets the pass phrase. Must be at least four characters.
Re-enter New Pass Phrase | Confirms the pass phrase.
3 Click Set Pass Phrase.
4 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Managing user groups using the SREM
All users must belong to at least one group. Only an administrator user can add a new user account to the system, but any user can grant an existing user membership in a group to which the granting user belongs.
By default, the administrator user is a member of all three built-in groups (admin, oper, certadmin) and can therefore add a new user to any of these groups.
However, a certificate administrator, who is a member of the certadmin group only, can add an existing user to the certadmin group only.
If a user belongs to only one group and you want to change the user’s group membership, add the user to the new group first, and then remove the user from the old one.
To manage the group to which a user belongs, select the System > Manage Users > user > User Groups tab. The User Groups screen appears, displaying the user’s current group membership (see Figure 102).
Figure 102 User Groups
Choose from the following tasks to manage user groups:
• “Adding a user group” on page 382
• “Removing a user group” on page 383
Adding a user group
To add a new user group, perform the following steps:
1 Select the System > Manage Users > user > User Groups tab.
The User Groups screen appears (see Figure 102).
2 Click Add.
The Add a User Group dialog box appears (see Figure 103).
Figure 103 Add a User Group
3 Enter the User Group information in the applicable fields. Table 74 describes the Add a User Group fields.
Table 74 Add a User Group fields
Field | Description
Name | Specifies the name of the group to which you are adding the user. Options are oper, admin, certadmin.
4 Click Add.
The new user group appears in the table.
5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar to save the changes permanently.
Removing a user group
To remove an existing user group from the User Group Table, perform the following steps:
1 Select the System > Manage Users > user > User Groups tab.
The User Groups screen appears (see ).
2 Select the group to remove from the User Group Table.
3 Click Delete.
A confirmation dialog appears.
4 Click Yes.
The user group is immediately removed from the User Group Table.
5 Click Apply on the toolbar to send the current changes to the Nortel SNAS 4050. Click Commit on the toolbar to save the changes permanently.