|
|
|
In order to provide user accounts with the same granularity of privileges as on the Avaya switch, Vendor Specific Attributes (VSA) must be configured on the RADIUS server and a Group name must be set on the Avaya switch. When set, the Group name is sent along with the Access Request message to the RADIUS server.
The RADIUS server will send an Access Accept message if the user name, password, and Group name match that of the user account. If so, the Access Accept message will include the VSAs that identify the privileges the user has.
NOTE: If a user has a Standard RADIUS account, one that does not contain the Group name, the RADIUS server will still respond with an Access Accept message; but the message will not contain the Group name or the VSAs. This is a security loophole. See the Switch-Service-Type-Required parameter below for more information
Avaya Service-Types specify the level of privileges a user has. The following three types are supported:
Avaya Management Types specify what method the user can use to manage the switch. The following four types are supported:
|
|
|