Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

access.ini File

 

The access.ini file maps operating system user or group account names to levels of administrative privilege. The user account name and password used by an administrator when interacting with the Steel-Belted Radius Carrier server is granted access privileges according to the settings in this file.

[Settings] Section

[Settings] Section

The [Settings] section of access.ini contains overall configuration parameters; do not edit this section.

Table 7: access.ini [Settings] Syntax

Parameter

Function

  Method

This parameter controls the database against which the user is authenticated for access.

If set to OS, authentication is done against the local operating system database such as /etc/password.

If set to PAM, authentication is done against the PamService such as LDAP database.

The default value is OS.

The PamService setting is used to specify the service name, which is mapped to an entry in /etc/pam.conf on Solaris or /etc/pam.d/<name> on Linux.

Note: To perform PAM authentication on a Linux device, you must install 32-bit binaries of pam_ldap—for example, pam_ldap-185-11.el6.i686—on the Steel-Belted Radius Carrier server. Steel-Belted Radius Carrier does not support pam_ldap.x86_64 binaries.

[Users] and [Groups] Sections

[Users] and [Groups] Sections

The syntax for the [Users] and [Groups] sections (Table 8) of the access.ini file is:

Note

If you use SNMP to monitor your Steel-Belted Radius Carrier server, the [Users] section of your access.ini file must contain this entry:

   _system.localhost = SnmpAgent



If you are not using SNMP, comment out or delete the _system.localhost = SnmpAgent entry as a security precaution.

Table 8: access.ini Syntax

Parameter

Function

 UserName GroupName

Each UserName or GroupName is the name of an authorized administrator account on the server. UserName and GroupName refer to Solaris /etc/passwduser/group.

You must list user accounts in the [Users] section and group accounts in the [Groups] section. List groups in priority order; rights are granted based on the first group found of which the user is a member.

 AccessLevel

The AccessLevel in each access.ini entry is the access level that you want to assign to that account.

Each AccessLevel string must match the name of an [AccessLevel] section in admin.ini. You can define as many [AccessLevel] sections as you require. After an [AccessLevel] section is defined in admin.ini, you can use access.ini to assign the access privileges associated with that level to users and group accounts.

Note

Adding a user as an administrator using the Web GUI overrides any access settings specified for that user in the access.ini configuration file.

A special access level called SuperAdmin grants read/write access to all types of administrative data. This access level is always defined, and can be assigned to a user or group account in access.ini without appearing in admin.ini.