Skip to main content

Tutorial: How to Change the Authentication Mode in the Command-Line Interface

Abstract

Access Server supports local, PAM, LDAP, RADIUS, and SAML authentication modes you can set from the command line.

Overview

Access Server supports multiple authentication methods you can manage from the Admin Web UI or the command-line interface (CLI). This tutorial provides information about changing the authentication mode from the CLI.

Prerequisites

  • An installed Access Server.

  • RADIUS, LDAP, or SAML authentication configured before setting as the default mode.

Step 1: Set the authentication mode

  1. Connect to the console and get root privileges.

  2. Set the authentication mode:

    sacli --key "auth.module.type" --value "<MODE>" ConfigPut1
sacli start

    1

    MODE can have these values: local; pam; radius; ldap; saml.

Important

Ensure you configure RADIUS, LDAP, or SAML before setting them as the authentication mode.

Step 2: Configure multiple authentication methods (optional)

Access Server supports multiple authentication methods. For instance, your admin users can sign in with credentials stored in the local database while your end users authenticate against an LDAP server. The above command sets the default authentication mode. You can allow LDAP, RADIUS, or SAML authentication for defined users or groups with the following commands:

  • Allow LDAP authentication for users and groups:

    sacli --key "auth.ldap.0.enable" --value "True" ConfigPut
sacli start

  • Allow RADIUS authentication for users and groups:

    sacli --key "auth.radius.0.enable" --value "True" ConfigPut
sacli start

  • Allow SAML authentication for users and groups:

    sacli --key "auth.saml.0.enable" --value "True" ConfigPut
sacli start
In this section: