The Relation Between RADIUS Authentication and Authorization

Publication Date: 2012-07-27
Issue Description
RADIUS authenticates all login users. When the RADIUS server is unreachable, local users configured with level-3 authority receive only level-1 authority.
Configuration used:
 authentication-scheme default
  authentication-mode radius local
 authentication-scheme huawei
  authentication-mode radius
 #
 authorization-scheme default
  authorization-mode if-authenticated
 authorization-scheme huawei
  authorization-mode if-authenticated
 #
 domain default
  radius-server jazztel
 domain huawei
  authentication-scheme huawei
  radius-server huawei
Alarm Information
Null
Handling Process
Change the configuration so that authorization is not configured. The system then authorizes users with the locally configured authority.
Root Cause
When a login user name does not contain a domain name, the system authenticates and authorizes the user in the default domain. Because the RADIUS server is unreachable, the user is authenticated locally. After local authentication succeeds, the configured authorization mode is if-authenticated, which is invalid for local authentication, so the system gives the successfully authenticated user the VTY default authority (level 1) rather than the configured level-3 authority. If the authorization mode uses local, or authorization is left at its default (which is local), the system authorizes users with the locally configured authority, as with the following configuration:
 authorization-scheme default
  authorization-mode if-authenticated local
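
Added example (not part of the original case and not Huawei tooling): a Python check that parses an AAA snippet in the format shown above and reports domains where local authentication is possible but the authorization mode lacks local, which is the condition this case describes. It assumes that a domain with no explicit scheme binding uses the scheme named default, that an unset authentication mode is local, and that section headers share the smallest indentation; `parse_aaa` and `audit` are hypothetical names.

```python
# Constructed sample: the configuration from this case, with normalized indentation.
SAMPLE = """\
authentication-scheme default
 authentication-mode radius local
authentication-scheme huawei
 authentication-mode radius
#
authorization-scheme default
 authorization-mode if-authenticated
authorization-scheme huawei
 authorization-mode if-authenticated
#
domain default
 radius-server jazztel
domain huawei
 authentication-scheme huawei
 radius-server huawei
"""

def parse_aaa(text):
    """Parse schemes and domains into {section-type: {name: {command: [args]}}}."""
    lines = [l for l in text.splitlines() if l.strip() and l.strip() != "#"]
    base = min((len(l) - len(l.lstrip()) for l in lines), default=0)
    cfg = {"authentication-scheme": {}, "authorization-scheme": {}, "domain": {}}
    section = None
    for l in lines:
        tok = l.split()
        if len(l) - len(l.lstrip()) == base:      # least-indented line: section header
            section = cfg[tok[0]].setdefault(tok[1], {}) if tok[0] in cfg else None
        elif section is not None:                 # indented line: command in that section
            section[tok[0]] = tok[1:]
    return cfg

def audit(cfg):
    """Return domains whose locally authenticated users would not get local authorization."""
    flagged = []
    for dom, body in cfg["domain"].items():
        # Assumption: an unbound domain falls back to the scheme named "default".
        authn_name = body.get("authentication-scheme", ["default"])[0]
        authz_name = body.get("authorization-scheme", ["default"])[0]
        # Assumption: unset modes are local (the page states this for authorization).
        authn = cfg["authentication-scheme"].get(authn_name, {}).get("authentication-mode", ["local"])
        authz = cfg["authorization-scheme"].get(authz_name, {}).get("authorization-mode", ["local"])
        if "local" in authn and "local" not in authz:
            flagged.append(dom)
    return flagged

if __name__ == "__main__":
    print(audit(parse_aaa(SAMPLE)))
```

On the sample, only the default domain is reported; the huawei domain is not, because its authentication scheme has no local mode.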
Suggestions
Understand the meaning of each command line.
