Unimus
Page tree

Versions Compared

Old Version 4

changes.mady.by.user Tomas Kirnak

Saved on

compared with

New Version Current

changes.mady.by.user Tomas Kirnak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

System access handling

Unimus support supports internal and external user authentication. Radius and LDAP are currently supported for external authentication (see below for more details).

For more information on how Unimus handles system access handling(logins), please see this article: System login.

...

Local system users can be managed in "User management > Local users".
You can create and/or remove local user accounts here.

One local Administrator-level user account must always be present, so deleting the last user is not possible.

User access roles and access limitation

Unimus support full user ACLs. You RBAC (role-based access control) - you can limit certain user accounts to certain access rolesspecific role-based operations.
For more information please see this article: Account security roles.

Radius configuration

Unimus contains a Radius client, so it can AAA user logins against a central Radius server.

You will needs to configure a Radius server address (IP or FQDN) and a Radius shared secret.
The "Enable Radius" check-box controls if Radius is used to AAA user logins or not.

The "Show test" function uses currently configured Radius settings, even if they are not saved.
This allows you to test your Radius configuration before saving it to the system.

In addition to RBAC, Unimus also allows for limiting access of specific accounts to only selected devices in the system (for example, limit junior admins to only see specific switches in Unimus).
For more information please see this article: Device access restrictions

External Auth / AAA

Unimus supports full external AAA with Radius, and / or external auth with LDAP.

Please see the following articles for each respective auth scheme:

System access history

The system access history table shows all accounting records written to the local database. It will tell you who, when and how logged in to Unimus.
Session start and end timestamps are logged, as well as the final session duration. You can also configure notifications on failed (or even successful) login attempts into Unimus in the "Notifications" menu. All login attempts (successful and failed) are also logged into the log file.

Login notifications, as well as log file logging support standard proxy headers to properly report login attempt IP address when using a reverse proxy (Apache / NGINX). Supported proxy headers:

  • X-Forwarded-For
  • X-Originating-IP
  • X-Real-IP