Cisco GSS Administration Guide (Software Version 2.0)
Creating and Managing User Accounts
Downloads: This chapterpdf (PDF - 494.0KB) The complete bookPDF (PDF - 5.14MB) | Feedback

Creating and Managing User Accounts

Table Of Contents

Creating and Managing User Accounts

Creating and Managing GSS CLI User Accounts

Creating a GSS User Account

Modifying a GSS User Account

Deleting a GSS User Account

Creating and Managing Primary GSSM GUI User Accounts

Privilege Levels for Using the Primary GSSM GUI

Creating a GUI User Account

Modifying a GUI User Account

Removing a GUI User Account

Changing the User Account GUI Password

Creating and Modifying User Views for the Primary GSSM GUI

Custom User View Overview

Creating a GUI User View

Modifying a GUI User View

Deleting a GUI User View

Modifying the Administrator Account Passwords

Resetting the Administrator CLI Account Password

Changing the Administrator CLI Password

Restoring or Changing the Administrator GUI Password


Creating and Managing User Accounts


This chapter describes how to create and manage GSS device CLI user login accounts and primary GSSM GUI user login accounts. It contains the following major sections:

Creating and Managing GSS CLI User Accounts

Creating and Managing Primary GSSM GUI User Accounts

Modifying the Administrator Account Passwords

Creating and Managing GSS CLI User Accounts

From the CLI of a GSS device, you can create user accounts that enable user access to a GSS device, including the primary GSSM and standby GSSM. You must individually manage user access to the CLI of each GSS device in the network. Only users with the administrator privilege can create, modify, or remove a GSS user account from the CLI.


Note The primary GSSM separately maintains the user accounts and passwords created to log in to the CLI of the device from those accounts and passwords created to log in to the GUI.


This section contains the following topics:

Creating a GSS User Account

Modifying a GSS User Account

Deleting a GSS User Account

Creating a GSS User Account

When you create a user account from the GSS CLI, specify the new username, password, and privilege level using the username command. You cannot create a new account without designating a value for each of these configuration settings.

To create a user account that can log in and access the CLI of a GSS device, perform the following steps:

1. Log in to the CLI and enable privileged EXEC mode.

gss1.example.com> enable
gss1.example.com# 

2. Access global configuration mode on the GSS.

gss1.example.com# config
gss1.example.com(config)# 

3. Create and configure your new login account by entering the username command. The syntax for this command is as follows:

username name {delete | password password privilege {user | admin}}

The arguments and keywords are as follows:

name—Specifies the username that you want to assign or change. Enter an unquoted alphanumeric text string with no spaces and a maximum of 32 characters. Usernames may contain alpha characters (for example, A-Z or a-z) and/or numerals. Numerals may be present at any position in the name.

delete—Deletes the named user or administrative account.

password password—Establishes the password. Specify the password that you want to assign. Enter an unquoted text string with no spaces and a maximum length of eight characters.

privilege—Sets the user privilege level. To create an administrative account, specify admin. To create a user account, select user.

For example, enter:

gss1.example.com(config)# username user_1 password mypwd privilege 
admin
User user_1 added.

4. Repeat Step 3 for each new user account that you want to create.

Modifying a GSS User Account

You can modify a GSS user account from the CLI by using the same procedure that you followed to create the account (see the "Creating a GSS User Account" section). Use the username command to enter the full username, password, and privilege level, substituting the new values for the configuration settings that you want to change.

For example, enter:

gss1.example.com(config)# username user_1 password newpwd privilege 
user
User user_1 exists, change info? [y/n]: y

Deleting a GSS User Account

You can delete an existing user account for accessing the GSS from the CLI by entering the username command. The GSS restricts you from deleting the "admin" account.

For example, enter:

gss1.example.com#(config) username user_1 delete
User user_1 removed

Creating and Managing Primary GSSM GUI User Accounts

By using the administrative capabilities of the primary GSSM GUI, you can create and maintain user accounts to access the primary GSSM GUI. In addition to login name and password information, you can assign user privileges, specify custom GUI user views, and maintain contact information for each user. Only users with administrator privilege can create, modify, or remove a primary GSSM GUI user account.


Note The primary GSSM separately maintains the user accounts and passwords created to log in to the GUI from those accounts and passwords created to log in to the CLI.


This section contains the following topics:

Privilege Levels for Using the Primary GSSM GUI

Creating a GUI User Account

Modifying a GUI User Account

Removing a GUI User Account

Changing the User Account GUI Password

Creating and Modifying User Views for the Primary GSSM GUI

Privilege Levels for Using the Primary GSSM GUI

As the GSS administrator, you can control the GUI pages that a user accesses and the associated functions that a user can perform from the primary GSSM GUI. You control primary GSSM GUI access through the assignment of one of the three user privilege levels, also called "roles." Each of the following roles grants specific access to the GUI based on the assigned role:

Administrator—Full configuration privileges and complete access to the primary GSSM GUI.

Operator—Limited configuration privileges in the primary GSSM GUI, but the operator can view list pages, view detail pages, and monitor global server load-balancing statistics.

Observer—No configuration privileges in the primary GSSM GUI, but the observer can monitor global server load-balancing statistics.

Table 3-1 outlines the supported primary GSSM GUI functionality and accessibility for the three user roles.

Table 3-1 User Privilege Roles for Using the Primary GSSM GUI 

User Role
Functionality
Accessibility

Administrator

Full functionality

Full access to the primary GSSM GUI pages.

Operator

The operator has the following functionality privileges:

Suspend and activate permissions for answers only

View list pages, detail pages, and statistics

Restricted from creating, modifying, or deleting any configuration items appearing in the primary GSSM GUI

The operator has the following access privileges:

DNS Rules Tab—

Access to all navigation links.

Access to the Modify icons to view the detail pages. The Delete icon and Submit icons are unavailable.

Access to the Suspend and Activate icons on the Modifying Answer and Modifying Answer Group detail pages.

Access to the Filter DNS Rules List and Show All DNS Rules icons on the DNS Rules list page.

Restricted from the DNS Rule Builder and DNS Rules Wizard icons and pages on the DNS Rules list page.

Operator (continued)

 

Resources tab—Access to the Locations and Owners navigation links to:

Activate or suspend all answers associated with a location

Activate or suspend all answers associated with answer groups held by an owner.

Restricted from activating and suspending all DNS rules associated with an owner.

Monitoring tab—Access to all navigation links and list pages.

Tools tab—Access to only the Change Password navigation link and detail page.

Traffic Mgmt tab—
Access to all navigation links, list pages, and detail pages.

Observer

The observer has read-only privileges to monitor statistics.

Observers cannot do the following:

Create, modify, or delete any configuration item.

Perform any suspend or activate functions

View list pages or detail pages (but observers can view statistics)

The observer has the following access privileges:

DNS Rules Tab—
Restricted from access to the DNS Rules tab.

Resources tab—Restricted from access to the Resources tab.

Monitoring tab—Access to all navigation links and list pages.

Tools tab—Access to only the Change Password navigation link and detail page.

Traffic Mgmt tab—
Restricted from access to the Traffic Mgmt tab.


To further control what an operator or observer can access in the primary GSSM GUI, you can define and assign custom views to a user. A custom view limits the data (configuration and statistics) visible on a primary GSSM GUI page using configured answers, shared keepalives, locations, and owners. See the "Creating and Modifying User Views for the Primary GSSM GUI" section for details.

Creating a GUI User Account

To create a GSSM GUI user account from the primary GSSM GUI, perform the following steps:

1. Click the Tools tab.

2. Click the User Administration navigation link. The Users list page appears (see Figure 3-1).

Figure 3-1 Users List Page

3. Click the Create User icon. The Creating New User details page appears (see Figure 3-2).

Figure 3-2 Creating New User Details Page

4. In the User Account area, enter the login name for the new account in the Username field. Usernames can contain spaces.

5. In the Password field, enter the alphanumeric password for the new account.

6. In the Re-type Password field, reenter the password for the new account.

7. In the Role field, choose from the three user privilege levels to define what the user has access to when using the primary GSSM GUI:

Administrator—Full configuration privileges and complete access to the primary GSSM GUI.

Operator—Limited configuration privileges in the primary GSSM GUI, but the operator can view list pages, view detail pages, and monitor statistics.

Observer—No configuration privileges in the primary GSSM GUI, but the observer can monitor statistics.

You must assign a user to one of the three privilege levels. If you fail to assign a privilege level, the GSS automatically assigns the observer role to a new user.


Note Primary GSSM GUI privileges assigned to a user from the TACACS+ server override the user privilege level defined from the GSSM User Administration details page.


See the "Privilege Levels for Using the Primary GSSM GUI" section for information about the multiple levels of access that are available to a user when using the primary GSSM GUI.

8. In the View drop-down list, choose View All or choose from one of the previously created custom user views:

View All—Enables the user to see all configuration items and statistics displayed in the primary GSSM GUI. This is the default selection when you create a user.

User View—For a user with an assigned operator or observer role, a user view allows the administrator to limit the configuration data and statistics available to the user when accessing the primary GSSM GUI.


Note Only an administrator can create a view. See the "Creating and Modifying User Views for the Primary GSSM GUI" section for details. An administrator may find it useful to set the view to a defined User View to test the behavior of view while in the process of creating it.


9. In the Personal Information area, enter the user's first name in the First Name field.

10. In the Last Name field, enter the last name of the user. The first and last names appear next to the user's login whenever that user logs in to the primary GSSM.

11. (Optional) Fill in the rest of the user contact information:

Job Title—Position within the organization

Department—Business unit or group

Phone—Business telephone number

E-mail—E-mail address

Comments—Any important information or comments about the user account

12. Click Submit to create your new user account and return to the User Administration list page.

Modifying a GUI User Account

To modify an existing GSSM user account from the primary GSSM GUI, perform the following steps:

1. Click the Tools tab.

2. Click the User Administration navigation link. The Users list page appears (see Figure 3-1) listing existing user accounts.

3. Click the Modify User icon to the left of the user account that you want to modify. The Modifying User details page appears (see Figure 3-2) listing fields for modifying your GUI session settings.

4. Use the fields in the Modifying User details page to modify the details of the user account.

5. Click Submit to save changes to the account and return to the Users list page.

Removing a GUI User Account

To remove an existing GSSM GUI user account from the primary GSSM GUI, perform the following steps:

1. Click the Tools tab.

2. Click the User Administration navigation link. The Users list page appears (see Figure 3-1) listing existing user accounts.

3. Click the Modify User icon to the left of the user account that you want to remove. The Modifying User details page appears (see Figure 3-2), displaying that user's account information.

4. Click the Delete icon. The software prompts you to confirm your decision to permanently remove the user. You cannot delete the "admin" account.

5. Click OK to remove the user account and return to the Users list page. The user account is removed from the list page.

Changing the User Account GUI Password

You can change the password for the account that is used to log in to the primary GSSM. Use the Change Password detail page of the primary GSSM GUI to change the password. You must know the existing password for an account before you can change it.


Note If you change the administration password that is used to log in to the primary GSSM GUI and then either lose or forget the password, you can reset it back to "default" by using the reset-gui-admin-password CLI command. See the "Restoring or Changing the Administrator GUI Password" section for details.


To change your account password from the primary GSSM GUI, perform the following steps:

1. Click the Tools tab.

2. Click the Change Password navigation link. The Change Password details page (see Figure 3-3) appears displaying your account name in the Username field.

Figure 3-3 GSSM Change Password Details Page

3. In the Old Password field, enter your existing GSSM login password.

4. In the New Password field, enter the string that you would like to use as the new GSSM login password.

5. In the Re-type New Password field, enter the new password string a second time. This action is used to verify that you have entered your password correctly.

6. Click Submit to update your login password.

Creating and Modifying User Views for the Primary GSSM GUI

By default, an administrator, operator, and observer has the view set to View All and can see all configuration data and global server load-balancing statistics in the primary GSSM GUI pages. By creating and assigning views to a user with operator or observer privileges, the administrator can control what configuration and statistical data is available to those users when accessing primary GSSM GUI pages.


Note Only an administrator can create, modify, or delete a user view.


This section contains the following topics:

Custom User View Overview

Creating a GUI User View

Modifying a GUI User View

Deleting a GUI User View

Custom User View Overview

As the GSS administrator, you can define a set of custom views that limit the data (configuration data and statistics) available on a primary GSSM GUI page. Each custom user view can include selections from the following properties:

Answers

Shared keepalives

Locations

Owners

You specify the individual answers, shared keepalives, locations, and owners that define the properties of a custom user view. When you assign a custom view to a user account, the user can see only the configured data and statistics associated with their view. The user is restricted from viewing any additional configured answers, shared keepalives, locations, and owners that might exist in the primary GSSM GUI.

You can also provide administrator privileges to a user. With administrator privileges, that user can change the view used for the GUI session (for example, back to the View All setting). This capability can be useful for an administrator to test the behavior of a view while in the process of creating it.

When you select individual answers, shared keepalives, locations, or owners as part of a custom view, keep in mind that the relationship between those configuration data and the other configuration data in the primary GSSM GUI. The following is a summary of the relationship between configuration data and properties in the primary GSSM GUI:

DNS rules, answer groups, source address lists, and domain lists specify owners as a defining property

Answer groups specify answers as a defining property

Answers specify locations as a defining property

The relationship between configuration data in the primary GSSM GUI has a direct impact on what configuration data and statistics are visible in a custom view. For example, if the primary GSSM GUI has four configured owners and you assign two owners to a custom view, only the DNS rules, answer groups, source address lists, and domain lists that reference those two owners are visible in the custom view. The remaining DNS rules, answer groups, source address lists, and domain lists will be hidden from the primary GSSM GUI pages because they reference the other two owners not currently included in the custom view.

Creating a GUI User View

To create a GUI user view, perform the following steps:

1. From the primary GSSM GUI, click the Tools tab.

2. Click the Views navigation link. The User Views list page appears (see Figure 3-4).

Figure 3-4 User Views List Page

3. Click the Create User Views icon. The Creating New User View—General Configuration details page appears (see Figure 3-5).

Figure 3-5 Creating New User View—General Configuration Details Page

4. In the General Configuration details page (General Configuration navigation link), perform the following:

a. In the Name field, enter a name for your new user view. View names can be from 1 to 80 alphanumeric characters and cannot contain spaces.

b. In the Comments field, enter descriptive information or important notes regarding the new user view.

5. Click the Add Answers navigation link to define the answers available in the custom user view. The Add Answers details page appears (see Figure 3-6). Click the check box corresponding to each existing answer you want to add to the custom user view.

If the list of answers on your GSS network spans more than one page, select the answers from only the first page of answers, and then click Add Selected before proceeding to another page of answers.


Note The primary GSSM GUI supports a maximum of 100 answers in a custom user view.


Figure 3-6 Creating New View—Add Answers Details Page

6. Click the Add Keepalives navigation link to define the shared keepalives available in the custom user view. The Add Keepalives details page appears (see Figure 3-7). Click the check box corresponding to each existing shared keepalive you want to add to the custom user view.

If the list of shared keepalives on your GSS network spans more than one page, select the shared keepalives from only the first page of keepalives, and then click Add Selected before proceeding to another page of shared keepalives.


Note The primary GSSM GUI supports a maximum of 100 keepalives in a custom user view.


Figure 3-7 Creating New View—Add Keepalives Details Page

7. Click the Add Locations navigation link to define the locations available in the custom user view. The Add Locations details page appears (see Figure 3-8). Click the check box corresponding to each existing location you want to add to the custom user view.

If the list of locations on your GSS network spans more than one page, select the locations from only the first page of locations, then click Add Selected, before proceeding to another page of locations.


Note The primary GSSM GUI supports a maximum of 200 locations in a custom user view.


Figure 3-8 Creating New View—Add Locations Details Page

8. Click the Add Owners navigation link to define the owners available in the custom user view. The Add Owners details page appears (see Figure 3-9). Click the check box corresponding to each existing owner you want to add to the custom user view.

9. If the list of owners on your GSS network spans more than one page, select the owners from only the first page of owners, and then click Add Selected before proceeding to another page of owners.


Note The primary GSSM GUI supports a maximum of 500 owners in a custom user view.


Figure 3-9 Creating New View—Add Owners Details Page

10. Click the appropriate Remove navigation link to remove answers, keepalives, locations, or owners from this custom user view. The associated detail page then appears. Figure 3-10 illustrates the Remove Answers details page.

11. Click the check boxes that correspond to the items that you want to remove from the custom user view, and then click Remove Selected.

Figure 3-10 Creating New View—Remove Answers Details Page

12. When you complete defining the user view, click the General Configuration navigation link to return to the Creating New User View - General Configuration details page (see Figure 3-11). The selected items assigned to this view appear in the Current Owners, Current Locations, Current Answers, or Current KeepAlives section of the page.

Figure 3-11 Creating New User View—General Configuration Details Page With Selected Items Assigned to the View

13. Click Submit to save your new user view.

Modifying a GUI User View

To modify a user view from the primary GSSM GUI, perform the following steps:

1. Click the Tools tab.

2. Click the Views navigation link. The User Views list page appears (see Figure 3-4).

3. Click the Modify User View icon located to the left of the user view that you want to modify. The Modify User View details page appears.

4. In the General Configuration details page (General Configuration navigation link), use the fields provided to modify the name or comments for the user view.

5. Click the appropriate Add navigation link to add additional answers, keepalives, locations, or owners to the custom user view. The associated details page appears. Click the check boxes that correspond to the items that you want to add to the custom user view, and then click Add Selected.

6. Click the appropriate Remove navigation link to remove answers, keepalives, locations, or owners from the custom view. The associated details page appears. Click the check boxes that correspond to the items that you want to remove from the custom user view, and then click Remove Selected.

7. Click Submit to save changes to the user view.

Deleting a GUI User View

To delete a user view from the primary GSSM GUI, perform the following steps:

1. Click the Tools tab.

2. Click the Views navigation link. The User Views list page appears (see Figure 3-4).

3. Click the Modify User View icon located to the left of the user view that you want to modify. The Modify User View details page appears.

4. Click the Delete icon in the upper right corner of the page. The GSS software prompts you to confirm your decision to delete the user view.

5. Click OK to return to the User Views list page with the user view removed.

Modifying the Administrator Account Passwords

This section describes how to reset the administrator account password from the GSS CLI. It also discusses how to restore the default administration password to log in to the primary GSSM.

This section contains the following topics:

Resetting the Administrator CLI Account Password

Changing the Administrator CLI Password

Restoring or Changing the Administrator GUI Password

Resetting the Administrator CLI Account Password

If you forget the password for the GSS administrator account, you can reset it from the GSS CLI. You must have physical access to the GSS device to perform this procedure.

To reset the administrator CLI account password, perform the following steps:

1. Attach an ASCII terminal to the Console port on the GSS device. See the Cisco Global Site Selector Hardware Installation Guide for instructions on connecting a console cable to your GSS series hardware.

2. If the GSS device is currently up and running, power cycle it to perform a restart of the GSS. As the GSS reboots, the output appears on the console terminal.

3. After the BIOS boots and the LILO boot: prompt appears, enter ? (a question mark) to determine which software version the GSS device is running and to enter boot mode.

LILO boot: ?
GSS-<software_version>
boot:

At the LILO boot: prompt, press Tab or ? to view a listing of the available GSS software images.


Note Enter the ? command within a few seconds of seeing the LILO boot prompt or the GSS device continues to boot. If you miss the time window to enter the ? command, wait for the GSS to properly complete booting, cycle power to the GSS device, and try again to access the LILO boot prompt.


4. At the boot: prompt, enter GSS-<software_version> RESETADMINCLIPW=1. Be careful when entering this command; this CLI command is case sensitive.

For example, to specify GSS software version 1.3.1, enter:

boot: GSS-1.3.1 RESETADMINCLIPW=1

If you successfully reset the administrator password, the "Resetting admin account CLI password" message appears on the console terminal while the GSS device reboots. If the message does not appear, repeat Steps 2 through 4. Pay close attention when you enter the GSS-<software_version> RESETADMINCLIPW=1 command.

Changing the Administrator CLI Password

You can change the administrator password that accesses the GSS CLI by using the username global configuration mode command.

The syntax for this command is as follows:

username name password password

The arguments and keywords are as follows:

name—Username that you want to assign or change. Enter an unquoted text string with no spaces and a maximum of 32 characters. Login names may contain alpha characters (for example, A-Z or a-z) and/or numerals. Numerals may be present at any position in the name.

password password—Modifies the password used to log in to the GSS CLI. Specify the password that you want to change. Enter an unquoted text string with no spaces and a maximum length of eight characters.

For example, to change the administrator password to mynewpassword, enter:

gssm1.example.com(config)# username admin password mynewpassword 
privilege admin

Restoring or Changing the Administrator GUI Password

You can restore the default administrator password used to log in to the primary GSSM GUI, or change the administrator password by using the reset-gui-admin-password command. The GSS stores the administrator username and password in a safe partition of the hard disk to prevent loss of data due to power failures. If you change the administrator password, and then either lose or forget the password, you can reset the password back to default by using the reset-gui-admin-password command on the primary GSSM.

Only users with the administrator privilege can remove or change the administrator's GUI password.

The syntax for this command is as follows:

reset-gui-admin-password [password text]

The optional password text keyword and argument allow you to change the administrator password used to log in to the primary GSSM GUI. Enter an unquoted text string of 6 to 16 characters with no spaces.

For example, to change the change the administrator password to mynewpassword, enter:

gssm1.example.com# reset-gui-admin-password password mynewpassword