Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

admin.ini File

 

The admin.ini file maps administrative access levels to sets of access rights. These access levels are enforced for administrators connecting to Steel-Belted Radius Carrier by means of the Web GUI or LDAP configuration interface (LCI). Each [AccessLevel] section in the admin.ini file corresponds to an AccessLevel name entered in the access.ini file. You can create as many [AccessLevel] sections in the admin.ini file as you require.

Access rights are defined according to the categories of administrative data that an account is allowed to read and write. These data categories correspond to Web GUI pages and to objects directly under o=radius in the LDAP configuration schema.

Note

Due to interdependencies in configuration, to enable an administrator to configure users, the following settings are required in the [AccessLevel] section of the admin.ini file:

Note

If you omit a keyword, access to that data category is specifically denied for all information and dialogs that correspond to that keyword. Misspelled keywords are considered omitted.

[AccessLevel] Section

[AccessLevel] Section

The syntax for each [AccessLevel] section (Table 9) defined in the admin.ini file is:

Table 9: admin.ini Syntax

Parameter

Function

  AccessLevel

Specifies the name of the access level. The value used here must be identical to the value used in the access.ini file.

Access

Specifies whether administrators with this access level can read or write (update) administrative access data, which is controlled by the Administrators List page.

Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Note: When an administrator requests access, Steel-Belted Radius Carrier checks entries in the Administrators List page in Web GUI before checking the access.ini and admin.ini files. If an applicable administrative account exists in the Administrators List page, the user is given full access to the Steel-Belted Radius Carrier database, regardless of the configuration of the access.ini and admin.ini files.

Certificates

Specifies whether administrators with this access level can modify trusted root and server certificate information through Web GUI. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

CCMPublish

Specifies whether administrators with this access level can publish server replication (ccmpkg) information through Web GUI. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

CCMServerList

Specifies whether administrators with this access level can read or write (update) information in the Server List page in Web GUI. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Configuration

Specifies whether administrators with this access level can read or write (update) information found in the Authentication Methods page in Web GUI. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

CurrentUsers

Specifies whether administrators with this access level can read or write (update) the Current Sessions Table, which can be displayed in the Reports page in Web GUI. Write access allows the administrator to delete entries from the Current Sessions Table. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

ImportExport

Controls whether the Import and Export menu items are enabled in the Web GUI.

  • Read access allows file export.

  • Write access allows file import.

    Valid values are:

  • r—Read-only access (allows export but not import)

  • w—Write-only access (allows import but not export)

  • rw—Read/write access (allows import and export)

    Data categories without read access are disabled. If a user tries to export categories of data without having sufficient access rights, categories for which the user does not have read access are omitted from the export operation. Similarly, if a user tries to import categories of data without having sufficient access rights, categories for which the user does not have write access are omitted from the import operation.

Note: Import and Export are subject to the particular rights that the user has to each type of item, such as Users or Tunnels.

IP-Pools

Specifies whether administrators with this access level can read or write (update) IP address pool data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Note: This applies to standalone SBR Carrier servers only. For information about IP pools on Session State Register servers, see the SBR Carrier Installation Guide.

License

Specifies whether administrators with this access level can add a new license. Valid values are:

  • w—Write-only access

  • rw—Read/write access

Profiles

Specifies whether administrators with this access level can read or write (update) profile data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Proxy

Specifies whether administrators with this access level can read or write (update) proxy target data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

RAS-Clients

Specifies whether administrators with this access level can read or write (update) RADIUS client data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Report

Specifies whether administrators with this access level can read or write (update) report data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

RuleSets

Specifies whether certificates are replicated within a realm. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Statistics

Specifies whether administrators can read Authentication, Accounting, and Proxy statistics generated by the server. Write access is not applicable. Valid values are:

  • r—Read-only access

Tunnels

Specifies whether administrators with this access level can read or write (update) RADIUS tunnel data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Users

Specifies whether administrators with this access level can read or write (update) user data. Valid values are:

  • r—Read-only access

  • w—Write-only access

  • rw—Read/write access

Note: You must set the Users parameter to rw (read-write) for a user or group if you want the user or group to be able to import user information into Steel-Belted Radius Carrier.

[SNMPAgent] Section

[SNMPAgent] Section

If you use SNMP to monitor your Steel-Belted Radius Carrier server, the [SNMPAgent] section of admin.ini file must include this section to give Read access to the SNMP agent.