When a user attempts to login into the system, the local user database is consulted. If a corresponding account is found, the authentication method of that account is used to check the password.
Depending on the authentication method used:
- For locally authenticated accounts, the password is simply checked against the hash in the local user database. If the password is correct, user is logged in.
- For users with Radius authentication, if the Radius client in Unimus is not enabled, authentication for this user immediately fails.
- If Radius is enabled, a Radius Access Request is performed. If Radius responds with an Access Accept message, the user is logged in to the system.
After a successful login, an accounting record is always created in the local database. Even Radius-based logins are accounted in the local DB.
If Radius is enabled, an Radius Accounting Request is performed. The failure of Radius accounting is not considered as an error. This means a user will be allowed to log-in, even if Radius accounting fails. This is done because even logins using the local database are accounted against Radius (if Radius is enabled). If Unimus didn't allow login after Radius accounting failed, system access would not be possible in case of Radius failure.
An accounting record in the local DB is always created, so this mechanism does not compromise the auditability of the system access.
For more information on how user management works in Unimus, please check these articles: