Skip to main content

Authentication Methods

5.6.0Feature introduced


With the release of version 5.6, both Radius and LDAP remote authentication can be configured on a system. Radius will take precedence over LDAP, and is the first authorization request sent out. If Radius authentication is rejected or if the Radius Server is not available, then LDAP authorization is requested.

It is also possible to configure only Radius authentication.

Configure the Radius Server

To configure radius authentication, provide the following information in the configuration of the authority:

  radius-server  myradius
name myradius
port 8120
secret (removed) <--- testing123
timeout 10

Configure Radius Users

Radius authentication is locally administered and remotely authenticated.

admin@conductor-node-1.Conductor# create user
Username: test
Full Name: Test
Authentication Type (remote or local): remote
Roles (space separated): admin
Enabled (true or false): true
Account 'test' successfully created

LDAP User Authentication

LDAP users are remotely administered and remotely authenticated. For information about configuring LDAP users, please refer to LDAP User Account Requirements.

Local Users

Local users are locally administered and locally authenticated.

The create user command allows administrators to create user accounts for user and administrative access to the SSR router's management port. Issuing the create user <username> prompts for the new user's full name, password, whether they are an administrative or basic user, and the enabled/disabled state of that user account.

admin@labsystem1.fiedler# create user jdeveloper
Creating account "jdeveloper"...
Full Name: Joe Developer
Authentication Type (remote or local): local
Password: <not echoed to screen>
Confirm: <not echoed to screen>
Role (user | admin) [user]: admin
Enabled: true
Account "jdeveloper" successfully created

Password requirements have been updated in version 5.6. Please refer to Password Policies for more information.