Managing Authentication Servers LDAP Servers
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 31-24
• Number of frames received on the port during the client session from log-in to log-out: variable length
digits.
• Number of frames sent on the port during the client session from log-in to log-out: variable length
digits.
AccountFailTime
The AccountFailTime attribute log records the time stamp and accounting information of unsuccessful
user log-ins. The same fields in the Login Log—which are also part of the Logout log (separated by
carriage returns “|”)—are contained in the Login Fail log. A different carriage return such as the # sign can
be used in some situations. Additionally, these fields are included but apply only to the Login Fail log.
• User account ID or username client entered to log-in: variable length digits.
• Log-in fail error code: nn. For error code descriptions refer to the vendor-specific listing for the
specific directory server in use.
• Log-out reason code, for example PASSWORD EXPIRED(7) or AUTHENTICATION FAILURE(21).
Dynamic Logging
Dynamic logging can be performed by an LDAP-enabled directory server if an LDAP server is configured
first in the list of authentication servers configured through the aaa accounting session command. Any
other servers configured are used for accounting (storing history records) only. For example:
-> aaa accounting session ldap2 rad1 rad2
In this example, server ldap2 is used for dynamic logging, and servers rad1 and rad2 is used for
accounting.
If you specify a RADIUS server first, all of the servers specified is used for recording history records (not
logging). For example:
-> aaa accounting session rad1 ldap2
In this example, both the rad1 and ldap2 servers is used for history only. Dynamic logging does not take
place on the LDAP server.
Dynamic entries are stored in the LDAP-enabled directory server database from the time the user
successfully logs in until the user logs out. The entries are removed when the user logs out.
• Entries are associated with the switch the user is logged into.
• Each dynamic entry contains information about the user connection. The related attribute in the server
is bop-loggedusers.
A specific object class called alcatelBopSwitchLogging contains three attributes as follows:
Attribute Description
bop-basemac MAC range, which uniquely identifies the switch.
bop-switchname Host name of the switch.
bop-loggedusers Current activity records for every user logged
onto the switch identified by bop-basemac.
To Next Page
Loading...
Need help?
General
