User authentication in Lighthouse can either use a local password database, or a remote authentication service. Lighthouse supports the following remote authentication services:
- LDAP
- RADIUS
- TACACS+
To determine the level of access that a user has, the user must belong to a group. For local users, add the user to a group on the user configuration page.
Remote user authorization
For remote users we use a few methods to map remote group membership to local groups on box.
For examples on how to configure your remote AAA server, see the Remote Users section of the linked article.
Note: Lighthouse does not support admin access via TACACS privilege level, or specific LDAP DNs for different roles.
Combining remote and local authentication
In the situation where a remote authentication service is not contactable, Lighthouse will fall back to using local authentication. This is the same as the xDownLocal authentication on Opengear Console Servers (where x is the remote authentication service).
Comments
0 comments
Article is closed for comments.