When using RADIUS authentication, by default all users are given “user level” access. This allows anyone logged into the system over RADIUS to download PCAPs but not change any configuration.
Create Admin Users
Some RADIUS users require admin access to configure the capture, start captures, set schedules, etc.
Step 1) List the current users
To list the current users and privilege levels, use the FMADIO CLI command
show userlist
An example is shown below, where only the fmadio user account has admin privilege.
fmadio@fmadio100v2-228U:~$ fmadiocli "show userlist"
[Mon Oct 28 22:32:16 2024] CmdLine [show userlist]
[Mon Oct 28 22:32:16 2024] Cmd [show userlist]
[Mon Oct 28 22:32:16 2024] Showing User List
[Mon Oct 28 22:32:16 2024]
[Mon Oct 28 22:32:16 2024] UserList Enable: true
[Mon Oct 28 22:32:16 2024]
[Mon Oct 28 22:32:16 2024] --------------------------------------------------
[Mon Oct 28 22:32:16 2024]
[Mon Oct 28 22:32:16 2024] UserName : fmadio
[Mon Oct 28 22:32:16 2024] Permission : full
[Mon Oct 28 22:32:16 2024] SecBPF :
[Mon Oct 28 22:32:16 2024]
[Mon Oct 28 22:32:16 2024] --------------------------------------------------
fmadio@fmadio100v2-228U:~$
Step 2) Create a user account
Create a user account. This only assigns a privilege level to a specific RADIUS user login. Run the FMADIO CLI command below; in this case we are creating a user named testuser.
config userlist add testuser
Example output
fmadio@fmadio100v2-228U:~$ fmadiocli "config userlist add testuser"
[Mon Oct 28 22:39:41 2024] CmdLine [config userlist add testuser]
[Mon Oct 28 22:39:41 2024] Cmd [config userlist add testuser]
[Mon Oct 28 22:39:41 2024] Created new User [testuser]
Then use the show userlist command to list the current users.
fmadio@fmadio100v2-228U:~$ fmadiocli "show userlist"
[Mon Oct 28 22:41:16 2024] CmdLine [show userlist]
[Mon Oct 28 22:41:16 2024] Cmd [show userlist]
[Mon Oct 28 22:41:16 2024] Showing User List
[Mon Oct 28 22:41:16 2024]
[Mon Oct 28 22:41:16 2024] UserList Enable: true
[Mon Oct 28 22:41:16 2024]
[Mon Oct 28 22:41:16 2024] --------------------------------------------------
[Mon Oct 28 22:41:16 2024]
[Mon Oct 28 22:41:16 2024] UserName : testuser
[Mon Oct 28 22:41:16 2024] Permission : user
[Mon Oct 28 22:41:16 2024] SecBPF :
[Mon Oct 28 22:41:16 2024]
[Mon Oct 28 22:41:16 2024] UserName : fmadio
[Mon Oct 28 22:41:16 2024] Permission : full
[Mon Oct 28 22:41:16 2024] SecBPF :
[Mon Oct 28 22:41:16 2024]
[Mon Oct 28 22:41:16 2024] --------------------------------------------------
fmadio@fmadio100v2-228U:~$
Notice how the newly created user testuser has the Permission user.
By default all created users are allocated to the “user level” access group.
Step 3) Configure the user to full admin
Configure the above testuser account to be a full admin level (full) user by running the command
config userlist permission testuser full
Example output below
fmadio@fmadio100v2-228U:~$ fmadiocli "config userlist permission testuser full"
[Mon Oct 28 22:44:04 2024] CmdLine [config userlist permission testuser full]
[Mon Oct 28 22:44:04 2024] Cmd [config userlist permission testuser full]
[Mon Oct 28 22:44:04 2024] modified username [testuser] to permission level [full]
fmadio@fmadio100v2-228U:~$
Then confirm the permission with the show userlist command
fmadio@fmadio100v2-228U:~$ fmadiocli "show userlist"
[Mon Oct 28 22:45:11 2024] CmdLine [show userlist]
[Mon Oct 28 22:45:11 2024] Cmd [show userlist]
[Mon Oct 28 22:45:11 2024] Showing User List
[Mon Oct 28 22:45:11 2024]
[Mon Oct 28 22:45:11 2024] UserList Enable: true
[Mon Oct 28 22:45:11 2024]
[Mon Oct 28 22:45:11 2024] --------------------------------------------------
[Mon Oct 28 22:45:11 2024]
[Mon Oct 28 22:45:11 2024] UserName : fmadio
[Mon Oct 28 22:45:11 2024] Permission : full
[Mon Oct 28 22:45:11 2024] SecBPF :
[Mon Oct 28 22:45:11 2024]
[Mon Oct 28 22:45:11 2024] UserName : testuser
[Mon Oct 28 22:45:11 2024] Permission : full
[Mon Oct 28 22:45:11 2024] SecBPF :
[Mon Oct 28 22:45:11 2024]
[Mon Oct 28 22:45:11 2024] --------------------------------------------------
fmadio@fmadio100v2-228U:~$
In the above output, the user testuser now has the full permission level.
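Because the full permission level allows changing the capture configuration, it is worth checking periodically that only the intended RADIUS logins hold it. The script below is an added example, not part of the FMADIO documentation: it parses show userlist output in the format shown above and reports any user with full permission that is not on an approved list. The function names and the approved list are hypothetical, and it assumes the CLI output arrives on stdout.

```shell
#!/bin/sh
# Constructed sample: "show userlist" output as shown in step 3 of this page.
sample_userlist() {
cat <<'EOF'
[Mon Oct 28 22:45:11 2024] Showing User List
[Mon Oct 28 22:45:11 2024] UserList Enable: true
[Mon Oct 28 22:45:11 2024] --------------------------------------------------
[Mon Oct 28 22:45:11 2024] UserName : fmadio
[Mon Oct 28 22:45:11 2024] Permission : full
[Mon Oct 28 22:45:11 2024] SecBPF :
[Mon Oct 28 22:45:11 2024]
[Mon Oct 28 22:45:11 2024] UserName : testuser
[Mon Oct 28 22:45:11 2024] Permission : full
[Mon Oct 28 22:45:11 2024] SecBPF :
EOF
}

# Print one "user permission" pair per entry found on stdin.
userlist_pairs() {
    awk '
        # Drop the "[timestamp]" prefix and any trailing whitespace.
        { sub(/^\[[^]]*\][ \t]*/, ""); sub(/[ \t\r]+$/, "") }
        /^UserName[ \t]*:/   { sub(/^UserName[ \t]*:[ \t]*/, ""); user = $0; next }
        /^Permission[ \t]*:/ { sub(/^Permission[ \t]*:[ \t]*/, "")
                               if (user != "") print user, $0
                               user = "" }
    '
}

# Print every user holding "full" permission that is not an approved admin.
# Usage (assumed): fmadiocli "show userlist" | unexpected_admins fmadio
unexpected_admins() {
    approved=" $* "
    userlist_pairs | while read -r user perm; do
        if [ "$perm" = "full" ]; then
            case "$approved" in
                *" $user "*) ;;                 # on the approved list
                *) printf '%s\n' "$user" ;;     # admin that was not expected
            esac
        fi
    done
}

sample_userlist | unexpected_admins fmadio
```

Run against the sample with only fmadio approved, it reports testuser; an empty result means every full-permission user is on the approved list.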