The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is
significantly simpler and more readily adapted to meet custom needs. The core LDAP
specifications are all defined in RFCs. LDAP is a protocol used to access information stored in an
Further information on configuring remote RADIUS servers can be found at the
http://www.ldapman.org/articles/intro_to_ld
http://www.ldapman.org/servers.html
http://www.linuxplanet.com/linuxplanet/tutorials/5050/1/
http://www.linuxplanet.com/linuxplanet/tutorials/5074/4/
Users may be added to the local
If they are not added and they log in via
configurators unless they
are specifically added, at which point they are transformed
into a completely local user.
added user must authenticate
the remote AAA server, and will
If a local user logs in, th
ed from the remote AAA server, depending on
union of local and remote
d has access to ports 1 and 2.
He is also defined on a remote TACACS
e has access to ports 3 and 4.
may log in with either his local or
TACACS password, and will have access to ports 1 through 4.
CACS is down, he will need to
use his local password, and will only be able to access ports 1 and 2.
is only defined on the TACACS server, which says he has access to ports 5 and
a new user will be created f
e able to access ports 5 and
If the TACACS server is down
fined on a RADIUS server only.
He has access to all serial ports and network hosts.
ppliance using RADIUS for AAA.
he will only have access to those serial ports and network hosts he has
ed to use on the appliance.
If a “no local AAA” option is selected, then root
will still be authenticated locally
Remote users may be added to the admin group via either RADIUS or TACACS
et on the remote TACACS server.
Users automatically added by RADIUS will have
authorization for all resources, whereas those added locally will still need their authorizations specified.
LDAP has not been modified, and will still need locally defined users