Authentication Server Users - Ubiquiti EdgeSwitch ES-24-250W Administration Manual

EdgeSwitch Administration Guide
™
Field
Access Level
Lockout Status
Unlock User Account
Password Override
Password Strength
Encrypted password

Authentication Server Users

Use the Auth Server Users page to add and remove users from the local authentication server user database.
For some security features, such as IEEE 802.1X port-based authentication, you can configure the device to
use the locally stored list of usernames and passwords to provide authentication to users instead of using an
external authentication server.
Note: The preconfigured users, admin and guest, are assigned to a pre-configured list named
defaultList, which you cannot delete. All newly created users are also assigned to the defaultList until
you specifically assign them to a different list.
You can create a text file that contains a list of IAS users to add to the database and then download the file to
the switch. The following script is an example of an IAS user text file that contains three users:
configure
aaa ias-user username client-1
password my-password1
exit
aaa ias-user username client-2
password aa5c6c251fe374d5e306c62496c3bcf6 encrypted
exit
aaa ias-user username client-3
password 1f3ccb1157
exit
After the download completes, client-1, client-2, and client-3 are added to the IAS database. The password
for client-2 is encrypted.
When 802.1X authentication is enabled on the ports and the authentication method is LOCAL, port access is
allowed only to users in this database that provide the correct name and password.
To access the Auth Server Users page, click System > Users > Auth Server Users in the navigation menu.
Ubiquiti Networks, Inc.
Add New User and Edit Existing User Dialog Box Fields (Continued)
Description
Indicates the access or privilege level for this user. The options are:
• Read Write The user can view and modify the configuration.
• Read Only The user can view the configuration but cannot modify any fields.
• Suspended The user exists but is not permitted to log on to the device.
(Edit existing user dialog box only) Displays a user's current lockout status (True if user is locked out of
the system after failing to log in successfully within the configured number of login attempts).
(Edit existing user dialog box only) Select this option to unlock a user account that has been locked out
(Lockout Status is True).
Identifies the password override complexity status for this user.
• Enable The system does not check the strength of the password.
• Disable When configuring a password, it is checked against the Strength Check rules configured
for passwords.
Indicates the date when the user's password will expire. This is determined by the date the password
was created and the number of days specified in the Aging setting on the Password Rules page.
Select this option to encrypt the password before it is stored on the device.
Configuring System Information
37