Tutorial: Manage the Local Authentication Method from the Command-Line Interface

Abstract

Use this tutorial to manage local authentication for Access Server from the command-line interface.

Overview

Use this tutorial to find the commands necessary to manage the local authentication method for Access Server.

Access Server stores user and group properties in the /usr/local/openvpn_as/etc/db/userprop.db file for local authentication mode.

Prerequisites

  • An installed Access Server.

  • Console access with the ability to get root privileges.

  • Set the default authentication mode to local:

    sacli --key "auth.module.type" --value "local" ConfigPut
    sacli start

  • Prefer the SCrypt password hashing method (on Access Server 2.11 and newer):

    sacli --key "auth.local.0.prefer_scrypt" --value "true" ConfigPut
    sacli start

  • Add a new user from scratch:

    sacli --user <USER_NAME> --key "type" --value "user_connect" UserPropPut
    sacli start

  • Set the password for a user in local authentication mode:

    sacli --user '<USER_NAME>' --new_pass '<PASSWORD>' SetLocalPassword
    sacli start

  • Set the authentication mode for the user (on Access Server 2.10 and newer):

    sacli --user <USER> --key "user_auth_type" --value "local" UserPropPut
    sacli start

  • Remove the password for a user in local authentication mode:

    sacli --user <USER_NAME> RemoveLocalPassword
    sacli start

  • Remove all user properties to delete the user:

    sacli --user <USER_OR_GROUP> UserPropDelAll
    sacli start
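
The user-creation commands above combined into one script, as an added example that is not part of the OpenVPN documentation: it validates the user name, reads the password from standard input so it stays out of shell history, and runs `sacli start` after each change as the tutorial does. The function names, the user-name policy and the `--provision` switch are assumptions of this example, and `sacli` is assumed to be on the PATH of a root shell.

```shell
#!/usr/bin/env bash
# Added example: provision one local-auth user with the tutorial's sacli commands.
# Assumes sacli is on PATH and the script runs as root on the Access Server host.

# Run one sacli command, then "sacli start", as the tutorial does after each change.
as_apply() {
    sacli "$@" && sacli start
}

# Constructed policy: reject names that are empty, start with "-" (sacli would
# parse them as options), or contain characters outside a conservative set.
valid_username() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# provision_local_user USER   (one-line password is read from standard input)
# The user_auth_type step needs Access Server 2.10 or newer, per the tutorial.
provision_local_user() {
    local user="$1" pass=""
    valid_username "$user" || { echo "invalid user name: $user" >&2; return 2; }
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty password, nothing changed" >&2; return 3; }
    as_apply --user "$user" --key "type" --value "user_connect" UserPropPut &&
    as_apply --user "$user" --new_pass "$pass" SetLocalPassword &&
    as_apply --user "$user" --key "user_auth_type" --value "local" UserPropPut
}

# Entry point: ./script --provision USER. The prompt does not echo, so the
# password stays out of shell history; sacli still receives it as an argument.
if [ "${1:-}" = "--provision" ] && [ -n "${2:-}" ]; then
    read -r -s -p "Password for $2: " pw; echo
    printf '%s\n' "$pw" | provision_local_user "$2"
fi
```

Both validation checks run before the first `sacli` call, so a rejected name or an empty password leaves `userprop.db` untouched.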