aaa user¶
The following operations can be performed on "aaa user":
add | rm | set | bind | unbind | show | unlock
add aaa user¶
Adds a local AAA user account and verifies the configuration to ensure that it is correct.
Synopsys¶
add aaa user <userName> {-password }
Arguments¶
userName
Name for the user. Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the user is added.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or
single quotation marks (for example, "my aaa user" or "my aaa user").
password
Password with which the user logs on. Required for any user account that does not exist on an external authentication server.
If you are not using an external authentication server, all user accounts must have a password. If you are using an external authentication server, you must provide a password for local user accounts that do not exist on the authentication server.
Example¶
add aaa user johndoe -password abcdadd aaa user johndoe -passwordThe above example adds user johndoe with password abcd for first case, password supplied on promptfor second case
rm aaa user¶
Removes a local AAA user account and the associated configuration.
Synopsys¶
rm aaa user <userName>
Arguments¶
userName
Name of the AAA user account to remove.
set aaa user¶
Configures the password for an existing local AAA user account. This command prompts you for a new password. NOTE: AAA does not request confirmation of the new password, so youmight want to test the new password before sending it to the user.
Synopsys¶
set aaa user <userName>
Arguments¶
userName
Name of the local AAA user account.
password
Password with which the user logs on. Required for any user account that does not exist on an external authentication server.
If you are not using an external authentication server, all user accounts must have a password. If you are using an external authentication server, you must provide a password for local user accounts that do not exist on the authentication server.
Example¶
set aaa user johndoe password abcdThe above command sets the password for johndoe to abcd
bind aaa user¶
Binds a policy to the specified user account.
Synopsys¶
bind aaa user <userName> [-policy <string> [-priority <positive_integer>]] [-intranetApplication <string>] [-urlName <string>] [-intranetIP <ip_addr> [<netmask>]] [-intranetIP6 <ip_addr|ipv6_addr|*> [<numaddr>]]
Arguments¶
userName
User account to which to bind the policy.
policy
Name for the policy that you are creating. Must begin with a letter, number, or the underscore character (_), and must consist only of letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at sign (@), equals (=), colon (:), and underscore characters. Cannot be changed after the policy is added.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or
single quotation marks (for example, "my policy" or "my policy").
priority
Integer specifying the priority of the policy. A lower number indicates a higher priority. Policies are evaluated in the order of their priority numbers.
Minimum value: 0
intranetApplication
Name of the intranet VPN application to which the policy applies.
urlName
URL of the intranet application to which you are binding the policy.
intranetIP
IP address of the intranet application to which you are binding the policy.
netmask
Subnet mask for the IP range in which the intranet application to which you are binding the policy resides.
Required if the intranet application has multiple IP addresses bound to
it. Not needed if the intranet application resides on a single IP
address.
intranetIP6
IP6 address of the intranet application to which you are binding the policy.
numaddr
Number of addresses for the IPv6 range in which the intranet application to which you are binding the policy resides.
Required if the intranet application has multiple IPv6 addresses bound to
it. Not needed if the intranet application resides on a single IPv6
address.
Minimum value: 1
Example¶
To bind intranetip to the user joe: bind aaa user joe -intranetip 10.102.1.123
unbind aaa user¶
Unbinds a policy from the specified user account.
Synopsys¶
unbind aaa user <userName> [-policy <string>] [-intranetApplication <string>] [-urlName <string>] [-intranetIP <ip_addr> [<netmask>]] [-intranetIP6 <ip_addr|ipv6_addr|*> [<numaddr>]]
Arguments¶
userName
Name of the user account from which to unbind the policy.
policy
Name of the policy to unbind.
intranetApplication
Name of the intranet VPN application from which you are unbinding the policy.
urlName
URL of the intranet application from which you are unbinding the policy.
intranetIP
Intranet IP address of the application from which you are unbinding the policy.
netmask
Subnet mask for the IP range in which the intranet application from which you are unbinding the policy resides.
Required if the intranet application has multiple IP addresses bound to
it. Not needed if the intranet application resides on a single IP
address.
intranetIP6
IP6 address of the intranet application to which you are binding the policy.
numaddr
Number of addresses for the IPv6 range in which the intranet application to which you are binding the policy resides.
Required if the intranet application has multiple IPv6 addresses bound to
it. Not needed if the intranet application resides on a single IP
address.
Minimum value: 1
Example¶
unbind AAA user joe -intranetip 10.102.1.123
show aaa user¶
Displays the current configuration of a AAA user account.
Synopsys¶
show aaa user [<userName>] [-loggedIn]
Arguments¶
userName
Name of the user who has the account.
loggedIn
Show whether the user is logged in or not.
Outputs¶
groupName
The group name
policy
The policy Name.
priority
The priority of the policy.
intranetApplication
Name of the intranet VPN application to which the policy applies.
urlName
The intranet url.
actType
intranetIP
The Intranet IP bound to the user
netmask
The netmask for the Intranet IP
intranetIP6
The Intranet IP6 bound to the user
numaddr
Numbers of ipv6 address bound starting with intranetip6
policySubType
stateflag
password
Password with which the user logs on. Required for any user account that does not exist on an external authentication server.
If you are not using an external authentication server, all user accounts must have a password. If you are using an external authentication server, you must provide a password for local user accounts that do not exist on the authentication server.
devno
count
Example¶
Example> show aaa user joe UserName: joe IntranetIP: 10.102.1.123 Bound to groups: GroupName: engg Done>
unlock aaa user¶
Unlocks a AAA user account which has been locked earlier for exceeding login attempts.
Synopsys¶
unlock aaa user <userName>
Arguments¶
userName
Name of the AAA user account to unlock.