Configuring aaa schemes, Configuring local users – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

17

NOTE:

To control access of login users by using AAA methods, you must configure the login authentication mode
for the user interfaces as scheme. For more information about login authentication modes, see

Fundamentals Configuration Guide.

Configuring AAA schemes

Configuring local users

To implement local user authentication, authorization, and accounting, you must create local users and
configure user attributes on the device. The local users and attributes are stored in the local user

database on the device. A local user is uniquely identified by a username. Configurable local user

attributes are as follows:

•

Service type
The types of the services that the user can use. Local authentication checks the service types of a
local user. If none of the service types is available, the user cannot pass authentication.
Service types include FTP, LAN access, Portal, PPP, SSH, Telnet, Terminal, and Web.

•

User state
Indicates whether or not a local user can request network services. There are two user states: active
and blocked. A user in active state can request network services, but a user in blocked state

cannot.

•

Maximum number of users using the same local user account
Indicates how many users can use the same local user account for local authentication.

•

Validity time and expiration time
Indicates the validity time and expiration time of a local user account. A user must use a valid local
user account to pass local authentication. When some users need to access the network

temporarily, you can create a guest account and specify a validity time and an expiration time for
the account to control the validity of the account.

•

User group
Each local user belongs to a local user group and bears all attributes of the group, such as the
password control attributes and authorization attributes. For more information about local user

group, see "

Configuring user group attributes

."

•

Password control attributes
Password control attributes help you control the security of local users' passwords. Password
control attributes include password aging time, minimum password length, and password

composition policy.
You can configure a password control attribute in system view, user group view, or local user view,

making the attribute effective for all local users, all local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more

information about password management and global password configuration, see "Configuring

password control."

•

Binding attributes
Binding attributes are used for controlling the scope of users. They are checked during local
authentication of a user. If the attributes of a user do not match the binding attributes configured for