Authentication Super - H3C MSR Series Command Reference Manual

Usage guidelines
You can specify one primary authentication method and multiple backup authentication methods.
When the primary method is invalid, the device attempts to use the backup methods in sequence.
For example, the authentication sslvpn radius-scheme radius-scheme-name local none
command specifies a primary RADIUS authentication method and two backup methods (local
authentication and no authentication). The device performs RADIUS authentication by default and
performs local authentication when the RADIUS server is invalid. The device does not perform
authentication when both of the previous methods are invalid.
Examples
# In ISP domain test, perform local authentication for SSL VPN users.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authentication sslvpn local
# In ISP domain test, perform LDAP authentication for SSL VPN users based on scheme ldp and
use local authentication as the backup.
<Sysname> system-view
[Sysname] domain test
[Sysname-isp-test] authentication sslvpn ldap-scheme ldp local
Related commands
authentication default
ldap scheme
local-user
radius scheme

authentication super

Use authentication super to specify methods for user role authentication.
Use undo authentication super to restore the default.
Syntax
authentication
radius-scheme-name } *
undo authentication super
Default
The default authentication methods of the ISP domain are used for user role authentication.
Views
ISP domain view
Predefined user roles
network-admin
Parameters
hwtacacs-scheme hwtacacs-scheme-name: Specifies an HWTACACS scheme by its name, a
case-insensitive string of 1 to 32 characters.
radius-scheme radius-scheme-name: Specifies a RADIUS scheme by its name, a case-insensitive
string of 1 to 32 characters.
super { hwtacacs-scheme hwtacacs-scheme-name
26
| radius-scheme