Alcatel-Lucent 7750 Reference Manual page 133

Table 44: CLI User Authentication and Authorization (description) (Continued)
Attribute ID Attribute Name
61 NAS-Port-Type
95 NAS-IPv6-Address
26-6527-1 Timetra-Access
26-6527-2 Timetra-Home-
Directory
26-6527-3 Timetra-Restrict-To-
Home
26-6527-4 Timetra-Profile
26-6527-5 Timetra-Default-Action
7750 SR RADIUS Attributes Reference Guide
Mandatory included as type Virtual (5) for telnet/ssh or Async (0) for
Console.
The identifying IP Address of the NAS requesting the Authentication or
Accounting. Included when the RADIUS server is reachable via IPv6.
The address is determined by the routing instance through which the RADIUS
server can be reached:
"Management" — The active IPv6 address in the Boot Options File (bof
address <ipv6-address>)
"Base" — The IPv6 address of the system interface (configure router
interface system ipv6 address <ipv6-address>). The address can be
overwritten with the configured ipv6-source-address (configure system
security source-address application6 radius <ipv6-address>)
Specifies the type of access (FTP, console access or both) the user is
permitted.
Specifies the local home directory for the user for console and FTP access and
is enforced with attribute [26-6527-3]Timetra-Restrict-To-Home. The home
directory is not enforced if [26-6527-3]Timetra-Restrict-To-Home is omitted.
The local home directory is entered from the moment when the authenticated
user enters the file CLI command.
When the value is true the user is not allowed to navigate to directories above
his home directory for file access. The home-directory is specified in [26-
6527-2] Timetra-Home-Directory and is root if [26-6527-2] Timetra-Home-
Directory is omitted.
The user profile(s) that the user has access to and refers to pre-configured
user-profile-name's (configure system security profile <user-profile-
name>). These pre-configured profiles hold a default-action, a match
command-string and a command-action. Unreferenced profiles names are
silently ignored. If the maximum number of profile strings is violated, or if a
string is too long, processing the input is stopped but authorization continues
and too long profile string (and all strings followed by that) are ignored. Each
user can have multiple profiles and the order is important. The first user
profile has highest precedence, followed by the second and so on. Note: For
each authenticated RADIUS user a temporary profile with name [1]User-
Name is always created (show system security profile) and executed as last
profile. This temporary profile is build from the mandatory attribute [26-
6527-5]Timetra-Default-Action and optional attributes [26-6527-6] Timetra-
Cmd, [26-6527-7] Timetra-Action.
Specifies the default action (permit-all, deny-all or none) when the user has
entered a command and none of the commands-strings in [26-6527-
6]Timetra-Cmd resulted in a match condition. The attribute is mandatory and
required even if the [36-6527-6] Timetra-Cmd's are not used.
RADIUS Attributes Reference
Description
Page 133