Managing Users and Groups
Adding Users through RADIUS
The RADIUS system administrator can add VPN Gateway administrator users to the RADIUS
configuration without being an administrator of the AVG, because the users do not need to be
configured locally on the AVG. By assigning suitable administrator groups to these users in
RADIUS, the users can be given the desired access rights to the CLI/BBI.
When the user logs in to the CLI/BBI and is successfully authenticated, the RADIUS server
returns the groups to which the user belongs. The groups are compared to the fixed
administrator groups on the VPN Gateway, that is, tunnelguard, admin, oper and certadmin.
If a match is found, the logged-on user is given the administration rights pertaining to the
matching group(s). Otherwise, the user is denied access.
See the /cfg/sys/adm/auth/group command in the Avaya VPN Gateway User Guide.
Changing a User's Group Assignment
Only users who are members of the admin group can remove other users from a group. All
users can add an existing user to a group, but only to a group in which the "granting" user is
already a member. The admin user, who by default is a member of all four groups (admin,
oper, tunnelguard and certadmin) can therefore add users to any of these groups.
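The group checks described above, as an added Python model (not Avaya code and not part of the original guide): it covers both the RADIUS group match at login and the add/remove rules, and replays the separation of the Administrator and Certificate Administrator roles. `GroupDirectory` and the function names are hypothetical, and denying self-removal by non-admin users is an assumption the guide does not address.

```python
FIXED_ADMIN_GROUPS = frozenset({"tunnelguard", "admin", "oper", "certadmin"})


def radius_login_rights(returned_groups):
    """Groups granted at CLI/BBI login; an empty result means access is denied."""
    return FIXED_ADMIN_GROUPS & set(returned_groups)


class GroupDirectory:
    """Local users and their group membership (hypothetical helper)."""

    def __init__(self, membership):
        self.membership = {user: set(groups) for user, groups in membership.items()}

    def can_add(self, granter, target, group):
        # Any user may add an existing user, but only to a group the granter is in.
        return (target in self.membership
                and group in self.membership.get(granter, set()))

    def can_remove(self, granter, target, group):
        # Only members of the admin group may remove users from a group.
        # Assumption: non-admin users cannot remove themselves either.
        return (target in self.membership
                and "admin" in self.membership.get(granter, set()))

    def add(self, granter, target, group):
        if not self.can_add(granter, target, group):
            raise PermissionError(f"{granter} may not add {target} to {group}")
        self.membership[target].add(group)

    def remove(self, granter, target, group):
        if not self.can_remove(granter, target, group):
            raise PermissionError(f"{granter} may not remove {target} from {group}")
        self.membership[target].discard(group)


def separation_of_duties_demo():
    """Constructed scenario using the guide's example users."""
    d = GroupDirectory({"admin": FIXED_ADMIN_GROUPS, "cert_admin": {"certadmin"}})
    d.remove("admin", "admin", "certadmin")                 # admin separates the roles
    blocked = not d.can_add("admin", "admin", "certadmin")  # cannot re-grant alone
    d.add("cert_admin", "admin", "certadmin")               # a certadmin member can
    return blocked, sorted(d.membership["admin"])
```

Once the admin user leaves certadmin, the model shows that only a remaining certadmin member can restore that membership, which is what makes the role separation enforceable.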
1. Log in to the AVG cluster.
2. Access the User Menu.
In this example the cert_admin user, who is a member of the certadmin group, will
add the admin user to the certadmin group. The example assumes that the admin
user previously removed himself or herself from the certadmin group, to fully
separate the Administrator user role from the Certificate Administrator user role.
login: cert_admin
Password: (cert_admin user password)
>> Main# /cfg/sys/user
------------------------------------------------------------
[User Menu]
      passwd    - Change own password
      expire    - Set password expire time interval