vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

system: RADIUS: add new CLI syntax for 1.3

Browse Source 
RADIUS system login CLI has been refactored (https://phabricator.vyos.net/T1344)
Adjust examples to new syntax.
This commit is contained in:
Christian Poessinger 2019-08-06 09:37:55 +02:00
parent 9c87432239
commit 1f762c76bc
1 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/system/login-users.rst
View File

@ -33,7 +33,7 @@ will show the contents of :code:`system login` configuration node:
user jsmith { user jsmith {
authentication { authentication {
encrypted-password $6$0OQHjuQ8M$AYXVn7jufdfqPrSk4/XXsDBw99JBtNsETkQKDgVLptXogHA2bU9BWlvViOFPBoFxIi.iqjqrvsQdQ./cfiiPT. encrypted-password $6$0OQH[...]vViOFPBoFxIi.iqjqrvsQdQ./cfiiPT.
plaintext-password "" plaintext-password ""
} }
full-name "Johan Smith" full-name "Johan Smith"
@ -63,7 +63,7 @@ key.
.. code-block:: sh .. code-block:: sh
set system login user jsmith authentication public-keys callisto key 'AAAAB3Hso...Q==' set system login user jsmith authentication public-keys callisto key 'AAAABo..Q=='
set system login user jsmith authentication public-keys callisto type 'ssh-rsa' set system login user jsmith authentication public-keys callisto type 'ssh-rsa'
RADIUS RADIUS
@ -77,24 +77,26 @@ a default timeout and port.
.. code-block:: sh .. code-block:: sh
set system login radius-server 192.168.1.2 secret 's3cr3t0815' set system login radius server 192.168.1.2 secret 's3cr3t0815'
set system login radius-server 192.168.1.2 timeout '5' set system login radius server 192.168.1.2 timeout '5'
set system login radius-server 192.168.1.2 port '1812' set system login radius server 192.168.1.2 port '1812'
set system login radius-server 192.168.1.3 secret 's3cr3t0816' set system login radius server 192.168.1.3 secret 's3cr3t0816'
This configuration results in: This configuration results in:
.. code-block:: sh .. code-block:: sh
show system login show system login
radius-server 192.168.1.2 { radius {
server 192.168.1.2 {
secret s3cr3t0815 secret s3cr3t0815
timeout 5 timeout 5
port 1812 port 1812
} }
radius-server 192.168.1.3 { server 192.168.1.3 {
secret s3cr3t0816 secret s3cr3t0816
} }
}
.. note:: If you wan't to have admin users to authenticate via RADIUS it is .. note:: If you wan't to have admin users to authenticate via RADIUS it is
essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without
@ -111,7 +113,7 @@ networks when a link fails.
.. code-block:: sh .. code-block:: sh
set system login radius-source-address 192.168.1.254 set system login radius source-address 192.168.1.254
Login Banner Login Banner
^^^^^^^^^^^^ ^^^^^^^^^^^^
@ -123,7 +125,4 @@ You are able to set post-login or pre-login messages with the following lines:
set system login banner pre-login "UNAUTHORIZED USE OF THIS SYSTEM IS PROHIBITED\n" set system login banner pre-login "UNAUTHORIZED USE OF THIS SYSTEM IS PROHIBITED\n"
set system login banner post-login "Welcome to VyOS" set system login banner post-login "Welcome to VyOS"
the **\\n** create a newline. **\\n** create a newline.