Barracuda NG Firewall

Barracuda NG Firewall



5.4 5.2

 


How to Create a New Admin Profile

Last update: Wednesday, 19. Jun 2013

The following article explains how to create a new administrator profile on the Barracuda NG Control Center box.


To create a new administrator profile:

  1. Log into the Box Layer of the Barracuda NG Control Center.
  2. Go to the Config > Administrators page.
  3. Click Lock.
  4. Click to add a new profile.
  5. Enter the administrator’s Name for the Barracuda NG Admin login and click OK to enter the configuration. 

    A unique ID must be assigned to every administrator. The ID may be adapted to your needs, though the following names may not be used:  

    • root, bin, adm, daemon, lp, system, sync, shutdown, halt, mail, operator, nobody, support, uucp – These names have a special meaning in the OS.
    • ha, master – These names are already reserved by the Barracuda NG Firewall system.
  6. In the configuration window, you can specify the following settings:
      

     Setting Description

    Account Description

    • Disabled – Enable or disable this administrator account.
    • Full Name – This setting can hold either the administrator’s full name or a description.

    Administrator Authorization

    Roles – This menu provides the currently available administrative roles (Global Settings - Administrative Roles).

    Shell Level

    This menu provides options to control the shell access of the administrator. The following entries are available:

    • No_Login – Prevents the administrator from accessing the shell.
    • Standard_Login – Allows access to the system on the OS layer via a default/standard user account (home directory: user/phion/home/username).

      When users log out, everything in their home directory is deleted.

    • Restricted_Login – Permits system access via a restricted shell (rbash). This type of shell has several restrictions, as its name already implies, such as specifying commands containing slashes and changing directories by entering cd. Such a login also restricts any writing operation to the home directory for the user.


    Administrator Authentication

    Authentication Level

    This setting defines the authentication that is required to access a system. The following types of authentication are available: 

    • Password (default)
    • Key-OR-Password
    • Key
    • Key-AND-Password.
    External Authentication field

    If external authentication is required, the corresponding method can be selected here. The following authentication schemes are available: 

    • MSNT
    • LDAP
    • Radius
    • MS Active Directory
    • RSA SecurID
    • TacPlus
    • NGF Local
    • Local


    Because the selected authentication scheme must be configured on both the Barracuda NG Control Center and Barracuda NG Firewall, Barracuda Networks highly recommends configuring the authentication schemes within the repository and setting appropriate references from there.

    External Login Name field The login name for the corresponding authentication scheme. 
    Password

    The password for the Barracuda NG Admin login. When creating an account, the new password must be entered in both the Current and New fields, even though the password has not yet been created. The password must be confirmed by reentering it in the Confirm field. In addition to the parameters mentioned above, the Account Description section offers an additional option: 

    Disabled – To deactivate the administrator profile, select this check box.

    With the Disabled setting, the administrator profile is disabled after the configuration changes are activated.

    Next Forced Change [d]Here the time interval in days for mandatory password changes can be specified. Defining a value of 0 deactivates this. 

    Warning period [d]

    Specifies the number of days before the password expiry date on which a request for password change is displayed.

    Expiry Grace Period [d]

    Specifies the number of days after the password expiry date on which the password is still accepted.

    Change Mode

    allow_reuse_of_previous allows to define the old password again, while force_different_password will force the entry of a different password.

    Public RSA Key

    Serves for handling the public key. The Export/Import button offers import options.

    Administrator Access Control 
    • Peer IP Restriction – Specifies IP addresses and/or subnets of administration workstations on which Barracuda NG Admin runs.
    • Login Event – This menu specifies the way a login is recorded. The entry Service Default (default) is a reference to the settings made within the Access Notification (Global Settings - CC Access Notification). Choosing Silent suppresses any event notification.
  7. Click Send Changes and then click Activate.

 


Feedback
If you have a technical issue with the product, please contact Barracuda Networks Technical Support. Did you find this article helpful: |