The user's authorization is stored on the RADIUS server. When a request arrives, the RADIUS server sends the access and function rights to the LANCOM along with the login data, and the LANCOM then logs in the user with the appropriate privileges.
Access rights are usually defined in the RADIUS management privilege level (attribute 136), and the LANCOM simply maps this value to its internal access rights (option: "Mapped"). The attribute can have the following values, which are then mapped by the LANCOM:
- 1: User, read-only
- 3: User, write-only
- 5: Admin, read-only, no trace rights
- 7: Admin, read and write, no trace rights
- 9: Admin, read-only
- 11: Admin, read and write
- 15: Supervisor
- The LANCOM maps any other values to "no access".
However, some RADIUS servers may also need to assign function rights, they may use attribute 136 differently, or they may use different, vendor-specific attributes for the authorization. In this case, you must select the vendor-specific attributes. These attributes are defined as follows, based on the LANCOM vendor ID '2356':
- Access rights ID: 11
- Function rights ID: 12
The transferred access-right values are identical to the above. If the RADIUS server also has to transfer function rights, you achieve this as follows:
- Open the console for the LANCOM.
- Change to the directory .
- The command set? shows you the current mapping of the function rights to the corresponding hexadecimal code (e.g. Device-Search (0x80)).
- To combine function rights, you add their hex values together.
- Convert the hexadecimal value to a decimal number.
- By using this decimal value in the function rights ID, you can transfer the corresponding rights.
- Telnet path:
- Possible values:
  - Vendor-specific
  - Mapped
- Default:
  - Vendor-specific
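
The function-rights steps above, as an added example (not LANCOM code): it combines function-right codes into the decimal value and packs it as an RFC 2865 Vendor-Specific attribute, using the vendor ID and the IDs 11 and 12 from this page. The 32-bit integer encoding and the second right code (0x100) are assumptions; take the real codes from the `set?` output on the device.

```python
import struct

VENDOR_SPECIFIC = 26       # RFC 2865 attribute type for vendor-specific data
LANCOM_VENDOR_ID = 2356    # from this page
ACCESS_RIGHTS_ID = 11      # from this page
FUNCTION_RIGHTS_ID = 12    # from this page

# Access-right values listed on this page; any other value means "no access".
ACCESS_LEVELS = {
    1: "User, read-only", 3: "User, write-only",
    5: "Admin, read-only, no trace rights",
    7: "Admin, read and write, no trace rights",
    9: "Admin, read-only", 11: "Admin, read and write", 15: "Supervisor",
}

DEVICE_SEARCH = 0x80       # the page's example code
PLACEHOLDER_RIGHT = 0x100  # constructed placeholder, not a documented code

def combine_rights(*codes):
    """OR the codes: equals adding them, but stays correct if one is repeated."""
    mask = 0
    for code in codes:
        mask |= code
    return mask

def encode_vsa(sub_id, value):
    """Build one VSA holding one sub-attribute (assumed 32-bit integer value)."""
    sub = struct.pack("!BBI", sub_id, 6, value)
    header = struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), LANCOM_VENDOR_ID)
    return header + sub

def decode_vsa(raw):
    """Return (sub_id, value); raise ValueError unless it is a LANCOM integer VSA."""
    if len(raw) != 12:
        raise ValueError("unexpected attribute length")
    atype, alen, vendor, sub_id, sub_len, value = struct.unpack("!BBIBBI", raw)
    if (atype, alen, vendor, sub_len) != (VENDOR_SPECIFIC, 12, LANCOM_VENDOR_ID, 6):
        raise ValueError("not a LANCOM integer VSA")
    return sub_id, value

def access_level(value):
    """Map an access-rights value to its label, defaulting to "no access"."""
    return ACCESS_LEVELS.get(value, "no access")

if __name__ == "__main__":
    rights = combine_rights(DEVICE_SEARCH, PLACEHOLDER_RIGHT)
    print("function rights (decimal):", rights)
    print("VSA bytes:", encode_vsa(FUNCTION_RIGHTS_ID, rights).hex())
    print("access 11 ->", access_level(decode_vsa(encode_vsa(ACCESS_RIGHTS_ID, 11))[1]))
```

Decoding the attributes the server actually sends, for example from a packet capture of the Access-Accept, is a quick way to confirm that an account receives only the rights intended for it.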