
-- ****************************************************************************
-- ****************************************************************************
-- Copyright(c) 2004 Mediatrix Telecom, Inc.
-- NOTICE:
-- This document contains information that is confidential and proprietary
-- to Mediatrix Telecom, Inc.
-- Mediatrix Telecom, Inc. reserves all rights to this document as well as
-- to the Intellectual Property of the document and the technology and
-- know-how that it includes and represents.
-- This publication cannot be reproduced, neither in whole nor in part in
-- any form whatsoever without written prior approval by
-- Mediatrix Telecom, Inc.
-- Mediatrix Telecom, Inc. reserves the right to revise this publication
-- and make changes at any time and without the obligation to notify any
-- person and/or entity of such revisions and/or changes.
-- ****************************************************************************
-- ****************************************************************************
MX-AAA-MIB
DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Unsigned32,
Integer32
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
OBJECT-GROUP
FROM SNMPv2-CONF
MxEnableState,
MxActivationState,
MxIpHostName,
MxIpAddress,
MxIpPort,
MxAdvancedIpPort,
MxIpSubnetMask,
MxDigitMap
FROM MX-TC
MxUInt64,
MxFloat32,
MxIpHostNamePort,
MxIpAddr,
MxIpAddrPort,
MxIpAddrMask,
MxUri,
MxUrl
FROM MX-TC2
mediatrixServices
FROM MX-SMI2;
-- Module identity for the AAA service MIB, registered as child 1000 of
-- mediatrixServices (imported from MX-SMI2).
-- The objects defined below expose local account passwords, role
-- assignment, Radius shared secrets and login lockout settings as SNMP
-- objects, several of them with MAX-ACCESS read-write.
-- NOTE(review): a MIB module does not constrain which SNMP version,
-- community or view may reach its objects; that is agent configuration.
-- Confirm the agent limits this subtree to an authenticated and encrypted
-- transport (for example SNMPv3 authPriv) and to an administrator view.
aaaMIB MODULE-IDENTITY
-- LAST-UPDATED uses the two-digit-year UTC form YYMMDDHHMMZ.
LAST-UPDATED "1910210000Z"
ORGANIZATION " Mediatrix Telecom, Inc. "
CONTACT-INFO " Mediatrix Telecom, Inc.
4229, Garlock Street
Sherbrooke (Quebec)
Canada
Phone: (819) 829-8749
"
DESCRIPTION " Authentication, Authorization and Accounting
The Authentication, Authorization and Accounting (AAA) service
manages the administrator accounts and grants or denies access
to various parameters.
"
::= { mediatrixServices 1000 }
-- Root node under which every object of this module is registered.
aaaMIBObjects OBJECT IDENTIFIER ::= { aaaMIB 1 }
-- *****************************************************************************
-- Table:Users
-- *****************************************************************************
-- Conceptual table of the local user accounts. Each row is indexed by
-- usersUserName and carries the account password, its role, the
-- per-account lockout switch and a row-delete command.
usersTable OBJECT-TYPE
SYNTAX SEQUENCE OF UsersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " Users
This table contains the users that are allowed in the system.
"
::= { aaaMIBObjects 100 }
-- Row definition. The single index means one row per user name.
usersEntry OBJECT-TYPE
SYNTAX UsersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " A row in table Users. "
INDEX {
usersUserName
}
::= { usersTable 1 }
-- Column layout of a Users row. usersAccessRights and usersDelete are
-- declared here as plain INTEGER; their named values are listed in the
-- column definitions that follow.
UsersEntry ::= SEQUENCE
{
usersUserName OCTET STRING,
usersPassword OCTET STRING,
usersAccessRights INTEGER,
usersLockProtectionEnable MxEnableState,
usersDelete INTEGER
}
-- Index:User Name
-- Index column of the Users table: the account name, at most 50 octets.
-- NOTE(review): the DESCRIPTION says the name cannot be empty, yet the
-- SYNTAX allows SIZE(0..50) and DEFVAL is the empty string. Presumably the
-- agent enforces the non-empty rule; confirm, because the declared syntax
-- alone would accept an empty index value.
-- NOTE(review): MIB checkers may flag an INDEX object that is read-only
-- and carries a DEFVAL; SMIv2 normally expects it to be not-accessible.
usersUserName OBJECT-TYPE
SYNTAX OCTET STRING ( SIZE(0..50) )
MAX-ACCESS read-only
STATUS current
DESCRIPTION " User Name
Contains the user name. Cannot be empty.
"
DEFVAL { "" }
::= { usersEntry 100 }
-- Columnar:Password
-- Account password column. MAX-ACCESS read-write means it can be set
-- over SNMP. The SYNTAX declares no SIZE bound and DEFVAL is the empty
-- string.
-- NOTE(review): read-write also permits reads. The DESCRIPTION does not
-- say whether the agent returns the stored value, a hash or a masked
-- placeholder. Confirm what a read returns, and until then treat any walk
-- or capture of this column as credential exposure.
-- NOTE(review): a SET carries the new password in the PDU; without SNMPv3
-- privacy it crosses the network in clear text.
-- NOTE(review): confirm whether an account left at the empty default can
-- log in; if it can, a password must be set before the row is usable.
usersPassword OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Password
Contains the user's password.
"
DEFVAL { "" }
::= { usersEntry 200 }
-- Columnar:Access Rights
-- Role assigned to the account: admin(100), user(200) or observer(300).
-- The DESCRIPTION spells out only what admin may do; the exact rights of
-- user and observer are not defined in this module.
-- NOTE(review): DEFVAL is admin, so an account whose role is never set
-- explicitly is a full administrator. Provisioning should always write
-- this column, choosing the lowest role that fits the account.
-- NOTE(review): the column is read-write; a change to admin is a
-- privilege escalation and worth an alert in configuration monitoring.
usersAccessRights OBJECT-TYPE
SYNTAX INTEGER { admin(100) , user(200) , observer(300) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Access Rights
Identifies the user role defining the access rights.
* Admin: User has administrator access rights and is allowed
to read, modify and execute all configuration objects of
the unit.
* User: User has end-user access rights.
* Observer: User has observer access rights.
"
DEFVAL { admin }
::= { usersEntry 250 }
-- Columnar:Users Lock Protection Enable
-- Per-account switch for the temporary lockout that follows repeated
-- login failures. Enabled by default.
-- The two parameters named in the DESCRIPTION correspond to the
-- loginLockedMaxRetry and loginLockedTimeoutS scalars of this module.
-- NOTE(review): with disable, the DESCRIPTION states the account is never
-- locked whatever the number of failures, which removes the only
-- password guessing control this module defines. Because the column is
-- writable per row, monitor for changes to disable, in particular on
-- accounts whose usersAccessRights is admin.
usersLockProtectionEnable OBJECT-TYPE
SYNTAX MxEnableState
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Users Lock Protection Enable
To configure the locking mechanism to protect a user account
against brute force attacks.
* Enable: The user account will be temporarily locked after
repetitive login failures.
* Disable: The user account will never be locked, regardless
of the amount of failed login attempts.
Refer to the LoginLockedMaxRetry and LoginLockedTimeoutS
parameters for more configuration.
"
DEFVAL { enable }
::= { usersEntry 275 }
-- Row command:Delete
-- Row command: writing delete(10) removes the account; noOp(0) is the
-- idle value and the default.
-- NOTE(review): per the DESCRIPTION, deletion does not end the user's
-- current activities and is complete only after a system restart. When
-- revoking an account during an incident, deleting the row is therefore
-- not sufficient by itself; the restart has to be part of the procedure.
usersDelete OBJECT-TYPE
SYNTAX INTEGER { noOp(0), delete(10) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Delete
Deletes this row.
Note: a system restart is required to completely remove the
user. The current activities of this user are not terminated on
removal.
"
DEFVAL { noOp }
::= { usersEntry 300 }
-- End of table:Users
-- *****************************************************************************
-- Table:Users Status
-- *****************************************************************************
-- Status companion of the Users table: one row per currently allowed
-- user, indexed by usersStatusUserName. All three columns are read-only.
-- NOTE(review): the row includes a password column, so read access to
-- this status table is as sensitive as read access to usersTable.
usersStatusTable OBJECT-TYPE
SYNTAX SEQUENCE OF UsersStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " Users Status
This table displays the list of all currently allowed users.
"
::= { aaaMIBObjects 150 }
-- Row definition, one row per user name.
usersStatusEntry OBJECT-TYPE
SYNTAX UsersStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " A row in table Users Status. "
INDEX {
usersStatusUserName
}
::= { usersStatusTable 1 }
-- Column layout of a Users Status row. usersStatusLocked is declared as
-- plain INTEGER here; its named values are in the column definition.
UsersStatusEntry ::= SEQUENCE
{
usersStatusUserName OCTET STRING,
usersStatusPassword OCTET STRING,
usersStatusLocked INTEGER
}
-- Index:User Name
-- Index column of the Users Status table: the account name.
-- Unlike usersUserName, no SIZE bound is declared on this column.
-- NOTE(review): a walk of this column enumerates the valid account names
-- of the unit; keep it out of views granted to unprivileged readers.
usersStatusUserName OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION " User Name
Contains the user name.
"
::= { usersStatusEntry 100 }
-- Columnar:Password
-- Read-only password column of the status table.
-- NOTE(review): the DESCRIPTION says only that it contains the user's
-- password; it does not state that the value is hashed or masked. If the
-- agent returns the stored value, every principal with read access to
-- this subtree can retrieve the credentials of all accounts. Confirm what
-- the agent returns and exclude this column from read-only monitoring
-- views.
usersStatusPassword OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION " Password
Contains the user's password.
"
::= { usersStatusEntry 200 }
-- Columnar:Users Status Locked
-- Lock state of the account: unlocked(100) or locked(200). While locked,
-- the DESCRIPTION states that all login attempts are rejected.
-- Polling this object gives monitoring a direct signal of repeated login
-- failures against an account.
-- NOTE(review): an account whose usersLockProtectionEnable is disable is
-- never locked, so it will not raise this signal; failed logins on such
-- accounts need another source of detection.
usersStatusLocked OBJECT-TYPE
SYNTAX INTEGER { unlocked(100) , locked(200) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION " Users Status Locked
Indicates when a user account has been temporarily locked due
to excessive login failures. All login attempts will be
rejected while the user account is locked. See the
UsersLockProtectionEnable parameter for more details.
"
::= { usersStatusEntry 300 }
-- End of table:Users Status
-- Scalar:Batch User
-- Name of the user that scheduled tasks run as. Empty by default, with no
-- SIZE bound declared.
-- NOTE(review): the object is read-write, so a write changes the
-- identity, and presumably the access rights, that scheduled tasks
-- execute with. The module does not say what happens when the named user
-- does not exist, is deleted or is locked; confirm with the product
-- documentation.
batchUser OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Batch User
User name that is used for scheduled tasks.
"
DEFVAL { "" }
::= { aaaMIBObjects 200 }
-- *****************************************************************************
-- Table:Services Aaa Type
-- *****************************************************************************
-- Conceptual table selecting, per service, the authentication and
-- accounting back end. Rows are indexed by the service name.
servicesAaaTypeTable OBJECT-TYPE
SYNTAX SEQUENCE OF ServicesAaaTypeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " Services Aaa Type
Aaa type used by services.
"
::= { aaaMIBObjects 300 }
-- Row definition, one row per service.
servicesAaaTypeEntry OBJECT-TYPE
SYNTAX ServicesAaaTypeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " A row in table Services Aaa Type. "
INDEX {
servicesAaaTypeService
}
::= { servicesAaaTypeTable 1 }
-- Column layout of a Services Aaa Type row. Both type columns are plain
-- INTEGER here; their named values are in the column definitions.
ServicesAaaTypeEntry ::= SEQUENCE
{
servicesAaaTypeService OCTET STRING,
servicesAaaTypeAuthenticationType INTEGER,
servicesAaaTypeAccountingType INTEGER
}
-- Index:Service Name
-- Index column: name of the service the row configures. No SIZE bound is
-- declared. The set of valid service names is not defined in this
-- module.
servicesAaaTypeService OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION " Service Name
Service name for which the Aaa types are configured.
"
DEFVAL { "" }
::= { servicesAaaTypeEntry 100 }
-- Columnar:Authentication Type
-- Selects, per service, where login credentials are checked: local(100)
-- uses the Users table, radius(200) uses the configured Radius servers.
-- The default is local.
-- NOTE(review): per the DESCRIPTION, radius falls back to a Local check
-- whenever no server replies or none is configured. Local accounts
-- therefore remain a valid login path on units set to radius, and become
-- the only one while the Radius servers are unreachable. Local passwords
-- and the lockout settings need the same care as on a local-only unit,
-- and unused local accounts should be removed.
-- NOTE(review): the DESCRIPTION does not say whether a reject from a
-- responding server also triggers the fallback; confirm that it does not.
servicesAaaTypeAuthenticationType OBJECT-TYPE
SYNTAX INTEGER { local(100) , radius(200) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Authentication Type
Authentication type a service uses for incoming authentication
requests.
* Local: Incoming authentication attempts are validated
against the user names and passwords stored in the
Aaa.Users table.
* Radius: Incoming authentication attempts are validated
against the first responding Radius server configured in
the Aaa.RadiusServers table. When no servers reply or when
no server is configured in the Aaa.RadiusServers table, an
authentication attempt of type Local is performed against
the user names and passwords stored in the Aaa.Users table.
"
DEFVAL { local }
::= { servicesAaaTypeEntry 200 }
-- Columnar:Accounting Type
-- Selects, per service, whether session accounting is performed:
-- none(100) disables it, radius(200) sends it to the first responding
-- Radius server. Accounting covers the span from successful
-- authentication to the end of the session.
-- NOTE(review): the default is none, so no Radius accounting trail of
-- sessions exists unless this column is changed. The DESCRIPTION covers
-- successful authentications only; failed attempts are presumably not
-- part of accounting and need another log source.
servicesAaaTypeAccountingType OBJECT-TYPE
SYNTAX INTEGER { none(100) , radius(200) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Accounting Type
Accounting type a service uses once a user is successfully
authenticated on the unit. Accounting starts once users are
successfully authenticated and stops when their session is
over.
* None: Accounting is disabled.
* Radius: Accounting is done by the first responding Radius
server configured in the Aaa.RadiusServers table.
"
DEFVAL { none }
::= { servicesAaaTypeEntry 300 }
-- End of table:Services Aaa Type
-- ****************************************************************************
-- Group:Radius Configuration
-- ****************************************************************************
-- Parent node of the Radius scalars and of the Radius Servers table.
radiusGroup OBJECT IDENTIFIER
::= { aaaMIBObjects 10000 }
-- Scalar:Radius Servers Requests Timeout
-- Time in seconds the unit waits for one Radius server before moving to
-- the next configured one. Range 1 to 5, default 5.
-- Combined with the fallback described for
-- servicesAaaTypeAuthenticationType, running out of servers after these
-- timeouts ends in a Local authentication attempt.
radiusServersTimeoutS OBJECT-TYPE
SYNTAX Unsigned32 ( 1..5 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Radius Servers Requests Timeout
Maximum time, in seconds, the unit waits for a reply from a
Radius server. When the timeout is reached, the request is
sent to the next configured server in the Aaa.RadiusServers
table.
"
DEFVAL { 5 }
::= { radiusGroup 100 }
-- Scalar:Radius User Access Rights
-- Single role applied to all users authenticated through Radius:
-- admin(100), user(200) or observer(300).
-- NOTE(review): the default is admin and the value is one scalar for all
-- Radius users; nothing in this module maps a Radius reply attribute to a
-- per-user role. Unless this is lowered, every account the Radius server
-- accepts is an administrator on the unit. Restrict on the server side
-- which accounts may authenticate to these units, and confirm with the
-- product documentation whether a per-user override exists.
radiusUserAccessRights OBJECT-TYPE
SYNTAX INTEGER { admin(100) , user(200) , observer(300) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Radius User Access Rights
Identifies the user role defining the access rights for all
Radius users.
* Admin: User has administrator access rights and is allowed
to read, modify and execute all configuration objects of
the unit.
* User: User has end-user access rights.
* Observer: User has observer access rights.
"
DEFVAL { admin }
::= { radiusGroup 200 }
-- ***************************************************************************
-- Table:Radius Servers
-- ***************************************************************************
-- Conceptual table of Radius servers. Rows are indexed by service name
-- and priority, and each row holds a host and a shared secret for
-- authentication and another pair for accounting.
radiusServersTable OBJECT-TYPE
SYNTAX SEQUENCE OF RadiusServersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " Radius Servers
Radius servers used by services.
"
::= { radiusGroup 1000 }
-- Row definition. The two-part index allows several servers per service.
radiusServersEntry OBJECT-TYPE
SYNTAX RadiusServersEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION " A row in table Radius Servers. "
INDEX {
radiusServersService,
radiusServersPriority
}
::= { radiusServersTable 1 }
-- Column layout of a Radius Servers row. The host columns use
-- MxIpHostNamePort, imported from MX-TC2.
RadiusServersEntry ::= SEQUENCE
{
radiusServersService OCTET STRING,
radiusServersPriority Unsigned32,
radiusServersAuthenticationHost MxIpHostNamePort,
radiusServersAuthenticationSecret OCTET STRING,
radiusServersAccountingHost MxIpHostNamePort,
radiusServersAccountingSecret OCTET STRING
}
-- Index:Service Name
-- First index column: name of the service the Radius server row belongs
-- to. No SIZE bound is declared.
radiusServersService OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION " Service Name
Name of the service for which Radius servers are configured.
"
::= { radiusServersEntry 100 }
-- Index:Radius Server Priority
-- Second index column: position of the server in the usage order for a
-- service.
-- NOTE(review): the DESCRIPTION does not say whether a lower or a higher
-- number is tried first, and no range is declared; confirm before relying
-- on a particular order.
radiusServersPriority OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION " Radius Server Priority
Radius server priority determining their usage order for Aaa
requests.
"
::= { radiusServersEntry 200 }
-- Columnar:Radius Host for Authentication
-- Host name and port of the Radius server that receives authentication
-- requests for this row. Empty by default.
-- NOTE(review): the column is read-write. A write redirects where login
-- credentials are sent for verification, so changes to it belong under
-- change control and are worth an alert.
radiusServersAuthenticationHost OBJECT-TYPE
SYNTAX MxIpHostNamePort
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Radius Host for Authentication
Hostname and port of a Radius server used for authentication
requests.
"
DEFVAL { "" }
::= { radiusServersEntry 300 }
-- Columnar:Radius Authentication Server Secret Key
-- Shared secret for the authentication server of this row, up to 512
-- octets, empty by default. It has to match the secret configured on the
-- server named in radiusServersAuthenticationHost.
-- NOTE(review): read-write also permits reads. Unless the agent masks
-- the value, the shared secret can be read back over SNMP; confirm, and
-- keep this column out of any read-only view.
-- NOTE(review): confirm how the unit behaves with the empty default,
-- that is, whether it refuses to use the server or sends requests
-- protected by an empty secret.
radiusServersAuthenticationSecret OBJECT-TYPE
SYNTAX OCTET STRING ( SIZE(0..512) )
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Radius Authentication Server Secret Key
Secret key shared between the Radius server and the unit. The
AuthenticationSecret key must be the same as the secret key
stored on the Radius authentication server set in the
RadiusServers.AuthenticationHost column.
"
DEFVAL { "" }
::= { radiusServersEntry 400 }
-- Columnar:Radius Host for Accounting
-- Host name and port of the Radius server that receives accounting
-- requests for this row. Empty by default.
-- NOTE(review): the column is read-write. A write moves the accounting
-- trail to another host, so changes to it belong under change control.
radiusServersAccountingHost OBJECT-TYPE
SYNTAX MxIpHostNamePort
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Radius Host for Accounting
Hostname and port of a Radius server used for accounting
requests.
"
DEFVAL { "" }
::= { radiusServersEntry 500 }
-- Columnar:Radius Accounting Server Secret Key
-- Shared secret for the accounting server of this row, up to 512 octets,
-- empty by default. It has to match the secret configured on the server
-- named in radiusServersAccountingHost.
-- NOTE(review): read-write also permits reads. Unless the agent masks
-- the value, the shared secret can be read back over SNMP; confirm, and
-- keep this column out of any read-only view.
radiusServersAccountingSecret OBJECT-TYPE
SYNTAX OCTET STRING ( SIZE(0..512) )
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Radius Accounting Server Secret Key
Secret key shared between the Radius server and the unit. The
AccountingSecret key must be the same as the secret key
stored on the Radius accounting server set in the
RadiusServers.AccountingHost column.
"
DEFVAL { "" }
::= { radiusServersEntry 600 }
-- End of table:Radius Servers
-- End of group:Radius Configuration
-- ****************************************************************************
-- Group:Security Configuration
-- ****************************************************************************
-- Parent node of the login lockout scalars.
securityGroup OBJECT IDENTIFIER
::= { aaaMIBObjects 20000 }
-- Scalar:Login Locked Max Retry
-- Number of failed logins allowed before the account is temporarily
-- locked. Range 1 to 5; the default of 5 is the most permissive value.
-- The LockProtectionEnable parameter named in the DESCRIPTION is
-- presumably the per-user usersLockProtectionEnable column; this module
-- defines no other object with that name.
-- NOTE(review): this is a unit-wide scalar, while the enable switch is
-- per user, so lowering it tightens every account that has protection
-- enabled at once.
loginLockedMaxRetry OBJECT-TYPE
SYNTAX Unsigned32 ( 1..5 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Login Locked Max Retry
Defines the maximum number of failed login attempts allowed
before temporarily locking the user account.
This parameter has no effect when the LockProtectionEnable
parameter is disabled.
"
DEFVAL { 5 }
::= { securityGroup 100 }
-- Scalar:Login Locked Timeout
-- Length of the lock period in seconds, after which the user may log in
-- again. Range 5 to 3600, default 300.
-- NOTE(review): the lower bound of 5 seconds leaves very little
-- throttling of password guessing; a write that shortens this value
-- weakens the lockout for all accounts and is worth an alert.
-- NOTE(review): the lock is temporary and triggered by failed logins, so
-- repeated failures against a known user name can keep that account
-- locked. Keep at least one administrative access path that does not
-- depend on a single account name.
loginLockedTimeoutS OBJECT-TYPE
SYNTAX Unsigned32 ( 5..3600 )
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Login Locked Timeout
Defines the duration of the locked period (in seconds), after
which the user is allowed to log in again.
This parameter has no effect when the LockProtectionEnable
parameter is disabled.
"
DEFVAL { 300 }
::= { securityGroup 200 }
-- End of group:Security Configuration
-- ****************************************************************************
-- Group:Notification Messages Configuration
-- ****************************************************************************
-- Parent node of the notification settings of the AAA service.
notificationsGroup OBJECT IDENTIFIER
::= { aaaMIBObjects 60010 }
-- Scalar:Minimal Severity of Notification
-- Lowest severity at which the AAA service issues notification messages.
-- The values are ordered from debug(100) to critical(500); disable(0)
-- turns notifications off. The default is warning.
-- NOTE(review): this module does not list which events the AAA service
-- reports or at which severity. Confirm where login failures and account
-- lockouts fall before raising the threshold above the default, and treat
-- a write of disable as a loss of audit signal.
minSeverity OBJECT-TYPE
SYNTAX INTEGER { disable(0) , debug(100) , info(200) , warning(300) ,
error(400) , critical (500) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION " Minimal Severity of Notification
Sets the minimal severity to issue a notification message
incoming from this service.
* Disable: No notification is issued.
* Debug: All notification messages are issued.
* Info: Notification messages with a 'Informational' and
higher severity are issued.
* Warning: Notification messages with a 'Warning' and higher
severity are issued.
* Error: Notification messages with an 'Error' and higher
severity are issued.
* Critical: Notification messages with a 'Critical' severity
are issued.
"
DEFVAL { warning }
::= { notificationsGroup 100 }
-- End of group:Notification Messages Configuration
-- ****************************************************************************
-- Group:Configuration Settings
-- ****************************************************************************
-- Parent node of the service configuration status objects.
configurationGroup OBJECT IDENTIFIER
::= { aaaMIBObjects 60020 }
-- Scalar:Need Restart
-- Read-only flag telling whether the AAA service must be restarted for
-- its configuration to fully take effect: no(0) or yes(100).
-- NOTE(review): while this reads yes, some written settings are by
-- definition not yet in force. After a security-relevant change to this
-- module, check that the flag has returned to no before considering the
-- change effective.
needRestartInfo OBJECT-TYPE
SYNTAX INTEGER { no(0) , yes(100) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION " Need Restart
Indicates if the service needs to be restarted for the
configuration to fully take effect.
* Yes: Service needs to be restarted.
* No: Service does not need to be restarted.
Services can be restarted by using the
Scm.ServiceCommands.Restart command.
"
::= { configurationGroup 100 }
-- End of group:Configuration Settings
END