

Creating User Profiles


This chapter covers the following topics:
Overview
Understanding the User profile parameters
Understanding command permissions
Sample User profiles
Customizing the environment for a User profile

Overview

User profiles are for MAX TNT system administration. Do not confuse them with Connection profiles. User profiles are used by administrators who need access to the MAX TNT command line interface to monitor or configure the unit. Connection profiles contain authentication and configuration information for a remote device or user and allow the remote user to connect to the MAX TNT for WAN or LAN access.

You can create any number of User profiles and fine-tune the privileges they allow. In addition to authentication and permission information, User profiles also contain parameters that affect how the user's environment appears at login.

The MAX TNT ships with two predefined User profiles, named Admin and Default. The Admin account is the super-user, with full read-write permissions. Default is set to the other extreme. It authorizes the minimal use of commands.

Many sites choose to create some administrative accounts in a read-only mode, to allow those users to check status windows, read log buffers, and execute diagnostic commands. You need at least one administrative account in read-write mode, but you may choose to create several such accounts.

Understanding the User profile parameters

Table 7-1 describes common tasks you might have to perform to configure a User profile. The table includes a brief description of each task and lists the parameters you will use.

Table 7-1. Overview User profile tasks

Task: Setting the name and password
Description: When you create a new User profile with the New command, the system creates a default instance of the profile and reads it into the edit buffer. The name and password you assign to the profile represent a user or host name and a password used to authenticate that user at login.
Associated parameters: Name, Password

Task: Activating the profile
Description: The User profile is activated when you first create it. If you set Active-Enabled to No, the profile is not available for use.
Associated parameters: Active-Enabled

Task: Assigning permissions
Description: Permissions control which actions the user who logs in with this profile can perform on the MAX TNT.
Associated parameters: Allow-Termserv, Allow-System, Allow-Diagnostic, Allow-Update, Allow-Password, Allow-Code

Task: Logging the user out when idle
Description: With the Idle-Timeout setting, you can specify the number of seconds a Telnet session can remain logged in with no keyboard activity.
Associated parameters: Idle-Timeout

Task: Setting the command-line prompt
Description: The default command-line prompt is TNT>. If you set the prompt to an asterisk, the MAX TNT uses the name parameter as the prompt. For example, for the admin User profile, the prompt would be admin>.
Associated parameters: Prompt

Task: Specifying which status windows are displayed at login
Description: You can display status windows by default at login, and you can specify what information should be displayed initially in the top, bottom, and left windows.
Associated parameters: Default-Status, Left-Status, Top-Status, Bottom-Status

Task: Defining which log messages will be displayed
Description: You can specify that log messages should be displayed immediately in the interface, instead of written to a log. You can also specify at which level the immediate display should begin. The lowest level is none, indicating that no messages should be displayed in the command-line interface. The highest level is debug.
Associated parameters: Log-Message-Level

Understanding command permissions

Permissions control which actions the user who logs in with a particular profile can perform on the MAX TNT. Each permission enables the use of a command class. When you use the Help command to display available commands, the left column shows command names, and the right column shows the command class. For example:

Typically, read-write accounts enable the System command class. They might also enable the Update and Code command classes. Read-only accounts might be limited to the Diagnostic command class. Table 7-2 shows the commands associated with each permission:

Table 7-2. Permissions and associated commands

Permission: N/A (always enabled)
Command class: User
Commands in this class: ?, Auth, Clear, Help, Quit, Whoami

Permission: Allow-System
Command class: System
Commands in this class: ARP, ARPtable, Clr-history, Connection, Dir, Dircode, Fatal-History, Get, HDLC, IGMP, IPcache, IProute, Line, List, Log, Modem, Netstat, New, OSPF, Power, Quiesce, Read, Refresh, Set, Show, Status, SWANlines, T1channels, Userstat, Version, View

Permission: Allow-Diagnostic
Command class: Diagnostic
Commands in this class: Callroute, Clock-Source, Debug, Device, Ether-Display, If-Admin, NSlookup, Open, Ping, Rlogin, Slot, Telnet, Traceroute

Permission: Allow-Update
Command class: Update
Commands in this class: Date, Delete, Load, Nvram, Reset, Save, Write

Permission: Allow-Code
Command class: Code
Commands in this class: Format, Fsck

Permission: Allow-Termserv
Command class: Termserv. This permission enables the user to invoke the Terminal-Server command and use the terminal-server interface.
Commands in this class: Terminal-server

Permission: Allow-Password
Command class: N/A
Commands in this class: See caution below.





Caution: The Allow-Password permission enables the user to view passwords. If set to No, the user sees a row of asterisks instead of the actual configured password. If the administrator that backs up system configurations does not have the Allow-Password permission set to Yes, passwords are not saved as part of the configuration.
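
The following Python script is an added example, not part of the original Ascend documentation or the MAX TNT software. It encodes Table 7-2 and reports where a profile's permissions exceed what its intended role should hold. The profile dictionaries, the role names, and the ROLE_MAY_HOLD policy are assumptions constructed for illustration; they are not a device export format.

```python
# Added example (not Ascend code): Table 7-2 as data, used to audit User profiles.
# Role names, ROLE_MAY_HOLD and the sample profiles are constructed assumptions.
CLASS_COMMANDS = {
    "User": "? Auth Clear Help Quit Whoami",
    "System": ("ARP ARPtable Clr-history Connection Dir Dircode Fatal-History Get "
               "HDLC IGMP IPcache IProute Line List Log Modem Netstat New OSPF "
               "Power Quiesce Read Refresh Set Show Status SWANlines T1channels "
               "Userstat Version View"),
    "Diagnostic": ("Callroute Clock-Source Debug Device Ether-Display If-Admin "
                   "NSlookup Open Ping Rlogin Slot Telnet Traceroute"),
    "Update": "Date Delete Load Nvram Reset Save Write",
    "Code": "Format Fsck",
    "Termserv": "Terminal-server",
}
PERMISSION_CLASS = {"Allow-System": "System", "Allow-Diagnostic": "Diagnostic",
                    "Allow-Update": "Update", "Allow-Code": "Code",
                    "Allow-Termserv": "Termserv"}
ROLE_MAY_HOLD = {"read-only": {"Allow-Diagnostic"},  # assumed site policy
                 "read-write": set(PERMISSION_CLASS) - {"Allow-Termserv"}}

def granted(profile):
    """Permissions set to yes in a profile dict (values are case-insensitive)."""
    return {k for k, v in profile.items()
            if k.startswith("Allow-") and str(v).lower() == "yes"}

def allowed_commands(profile):
    """Commands reachable with this profile; the User class is always enabled."""
    classes = {"User"} | {PERMISSION_CLASS[p] for p in granted(profile)
                          if p in PERMISSION_CLASS}
    return {cmd.lower() for c in classes for cmd in CLASS_COMMANDS[c].split()}

def audit(profile, role):
    """Findings where a profile holds more than its intended role may hold."""
    findings = []
    for perm in sorted(granted(profile) - ROLE_MAY_HOLD[role] - {"Allow-Password"}):
        cls = PERMISSION_CLASS[perm]
        findings.append(f"{profile['Name']}: {perm} exceeds {role}; "
                        f"adds {cls} commands: {CLASS_COMMANDS[cls]}")
    if "Allow-Password" in granted(profile):
        findings.append(f"{profile['Name']}: Allow-Password lets this user view passwords")
    return findings

NOC = {"Name": "noc", "Allow-Diagnostic": "yes",  # constructed sample profiles
       "Allow-Update": "yes", "Allow-Password": "yes", "Allow-System": "no"}
OPS = {"Name": "ops", "Allow-System": "yes", "Allow-Update": "yes"}

if __name__ == "__main__":
    for line in audit(NOC, "read-only") + audit(OPS, "read-write"):
        print(line)
```
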

Sample User profiles

If you have administrative privileges, you can create any number of User profiles that grant other administrators various degrees of access to the system.

When you create a new profile by specifying its index on the command line, the Default profile is used as the template. In the following example, an administrator creates a read-write administrative login named Marco, which has access to the System, Diagnostic, and Update command classes:

Following is an example of creating a User profile named Test, which is based on the Admin profile but restricts some permissions and has a different password:

In the following example, an administrator creates a profile that enables the user to use the terminal-server commands but not to perform any other actions:

To log in by means of the new profile:

Customizing the environment for a User profile

In addition to authentication and permission information, User profiles also contain parameters that affect how the user's environment appears at login. You can customize the following areas:

Setting the system prompt

The default command-line prompt is TNT>. You configure the prompt with the Prompt parameter. An asterisk in this setting causes the MAX TNT to substitute the value of the profile's name parameter upon successful login. For example, for the Admin profile, the prompt would be as follows:

admin>

Specifying status window information

The MAX TNT generates a continuous stream of statistics about its activities. You can specify in a User profile whether these statistics should always be displayed when a user logs in using that profile, and what the areas of the window should display by default. Opening the status window requires an 80-column by 24-row VT100 window.

The default contents of the status window are determined by the following default settings for a User profile:

You can change these defaults by modifying your User profile. See the MAX TNT Reference Guide for details of using these parameters.

Figure 7-1 shows the default contents for each area of the status window:

Figure 7-1. Information in the status window

Following is an example of configuring the User profile to display the status window upon login, and to show line information in the bottom area of the window:

USER/test read

Setting log levels for each login

You can configure the User profile to display a certain level of log messages immediately in the interface, in addition to writing them to a log file. Following is an example that causes critical, alert, and emergency messages to be displayed in the interface, interrupting whatever work might be going on at the prompt:

Critical messages indicate that an interface has gone down or a security condition has been noted. Alert messages indicate that something undesirable has happened but probably will not prevent normal operation of the system. Emergency messages indicate that something undesirable has happened and will probably prevent normal operation.

Other levels include Error messages (an error condition has occurred), Warning messages (something out of the ordinary has occurred, such as a login failure), Notice (events in normal operation, such as a link going up or down), Info (changes that are not normally of interest), Debug (messages related to debugging configurations), and None (no messages are displayed).

Logging in as a different user

To log in with a different User profile, use the Auth command, as in the following example:

You must supply the password configured in the specified profile to be logged in as the user. Logging in as a different user can be helpful for verifying that the User profile permissions are correct.

Specifying a timeout for logins

You can specify a timeout period after which idle sessions on the MAX TNT disconnect. The default is 60 seconds. To configure an idle timeout, proceed as in the following example:

  1. Read the System profile:

  2. Specify an idle time period:

  3. Write the profile:

Finding the current user

To find out which User profile you are currently using, enter the Whoami command. For example:

admin




techpubs@eng.ascend.com

Copyright © 1997, Ascend Communications, Inc. All rights reserved.