Configuring Template Accounts for RADIUS and TACACS+ Authentication with the C-Web Interface
When a user logs in to the CLI, the following authentication is performed:
- RADIUS and /or TACSACS+ server authentication
- Authentication through a user account configured under
[system login user]
For authorization purposes, you can use a template account to create a single account that can be shared by a set of users at the same time.
Typically when you use RADIUS and/or TACACS+ authentication, the user account is shared among a group of users who have the same privileges. You create template accounts for sets of users. Template accounts can be named:
remote
—(Default) A single account that defines user permissions for all users that authenticate through RADIUS or TACACS+name-of-your-choice
—Account for a group of usersUse a named template account when you need different types of templates. Each template can define a different set of permissions appropriate to a group of users who use that template. For example, you can configure a set of remote users to concurrently share a single user ID.
When a user is part of a group that uses a template account, the command-line interface (CLI) username is the login name; however, the privileges, file ownership, and effective username are inherited from the template account.