local-userdb add

localuserdb

local-userdb add {generate-username|username <name>} {generate-password|password <passwd>} [comment <g_comments>][email <email>] [expiry {duration <minutes>|time <hh/mm/yyy> <hh:mm>}] [guest-company <g_company>][guest-fullname <g_fullname>][guest-phone <g-phone>][mode disable][opt-field-1 <opt1>][opt-field-2 <opt2>][opt-field-3 <opt3>][opt-field-4 <opt4>][role <role>][sponsor-dept <sp_dept>][sponsor-mail <sp_email>][sponsor-fullname <sp_fullname>][sponsor-name <sp_name>]
[start-time <mm/dd/yyyy> <hh.mm>]

Description

This command creates a user account entry in the controller’s internal database.

Syntax

Parameter

Description

Range

Default

generate-username

Automatically generate and add a username.

username

Add the specified username.

1 – 64 characters

generate-password

Automatically generate a password for the username.

password

Add the specified password for the username.

6 – 128 characters

comments

Comments added to the user account.

email

Email address for the user account.

expiry

Expiration for the user account. If this is not set, the account does not expire.

no expiration

duration

Duration, in minutes, for the user account.

1-2147483647

time

Date and time, in mm/dd/yyy and hh:mm format, that the user account expires.

guest-company

Name of the guest’s company.

NOTE: A guest is the person who needs guest access to the company’s Aruba wireless network.

 

 

guest-fullname

The guest’s full name.

 

 

guest-phone

The guest’s phone number.

 

 

mode

Enables or disables the user account,

Disable

opt-field-1

This category can be used for some other purpose. For example, the optional category fields can be used for another person, such as a “Supervisor.” You can enter username, full name, department and Email information into the optional fields.

opt-field-2

Same as opt-field-1.

opt-field-3

Same as opt-field-1.

opt-field-4

Same as opt-field-1.

role

Role for the user. This role takes effect when the internal database is specified in a server group profile with a server derivation rule. If there is no server derivation rule configured, then the user is assigned the default role for the authentication method.

guest

sponsor-dept

The guest sponsor’s department name

NOTE: A sponsor is the guest's primary contact for the visit.

sponsor-email

The sponsor’s email address.

sponsor-fullname

The sponsor’s full name.

sponsor-name

The sponsor’s name.

start-time

Date and time, in mm/dd/yyy and hh:mm format, the guest account begins.

Usage Guidelines

When you specify the internal database as an authentication server, client information is checked against the user accounts in the internal database. You can modify an existing user account in the internal database with the local-userdb modify command, or delete an account with the local-userdb del command.

By default, the internal database in the master controller is used for authentication. Issue the aaa authentication-server internal use-local-switch command to use the internal database in a local controller; you then need to add user accounts to the internal database in the local controller.

Example

The following command adds a user account in the internal database with an automatically-generated username and password:

(host) #local-userdb add generate-username generate-password expiry duration 480

The following information is displayed when you enter the command:

GuestConnect

Username: guest4157

Password: cDFD1675

Expiration: 480 minutes

Related Commands

Command

Description

Mode

show local-userdb

Use this command to show the parameters displayed in the output of this command.

Enable and Config modes

show local-userdb-guest

Use this command to show the parameters displayed in the output of the local-userdb-guest add command.

Enable and Config modes

mgmt-user

Use the webui-cacert <certificate name> command if you want an external authentication server to derive the management user role. This is helpful if there are a large number of users who need to be authenticated.

Use the mgmt-user webui-cacert <certificate_name> serial <number> <username> <role> command if you want the authentication process to use previously configured certificate name and serial number to derive the user role.

Config mode

Command History

Version

Modification

ArubaOS 3.0

Introduced for the first time.

ArubaOS 3.4

The guest, sponsor and optional field parameters were added.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system. The role parameter requires the PEFNG license.

Enable mode on master controllers.

local-userdb del

local-userdb {del username <name>|del-all}

Description

This command deletes entries in the controller’s internal database.

Syntax

Parameter

Description

del username

Deletes the user account for the specified username.

del-all

Deletes all entries in the internal database.

Usage Guidelines

User account entries created with expirations are automatically deleted from the internal database at the specified expiration. Use this command to delete an entry before its expiration or to delete an entry that was created without an expiration.

Example

The following command deletes a specific user account entry:

(host)#local-userdb del username guest4157

Command History

Introduced in ArubaOS 3.0.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Enable mode on master controllers.

local-userdb export

local-userdb export <filename>

Description

This command exports the internal database to a file.

Caution_Icon

Use this command with caution. It replaces the existing users with user entries from the imported file.

Syntax

Parameter

Description

export

Saves the internal database to the specified file in flash.

Usage Guidelines

After using this command, you can use the copy command to transfer the file from flash to another location.

Example

The following command saves the internal database to a file:

(host)#local-userdb export jan-userdb

Command History

Introduced in ArubaOS 3.0.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Enable mode on master controllers.

local-userdb fix-database

local-userdb fix-database

Description

This command deletes and reinitializes the internal database.

Syntax

No parameters.

Usage Guidelines

Before using this command, you can save the internal database with the local-userdb export command.

Command History

Introduced in ArubaOS 3.0.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Enable mode on master controllers.

local-userdb import

local-userdb import <filename>

Description

This command replaces the internal database with the specified file from flash.

Syntax

Parameter

Description

import

Replaces the internal database with the specified file.

Usage Guidelines

This command replaces the contents of the internal database with the contents in the specified file. The file must be a valid internal database file saved with the local-userdb export command.

Example

The following command imports the specified file into the internal database:

(host)#local-userdb import jan-userdb

Command History

Introduced in ArubaOS 3.0.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Enable mode on master controllers.

local-userdb maximum-expiration

local-userdb maximum-expiration <minutes>

Description

This command configures the maximum time, in minutes, that a guest account in the internal database can remain valid.

Parameter

Description

Range

maximum-expiration

Maximum time, in minutes, that a guest account in the internal database can remain valid.

1-2147483647

Syntax

Usage Guidelines

The user in the guest-provisioning role cannot create guest accounts that expire beyond the configured maximum time. This command is not available to the user in the guest-provisioning role.

Example

The following command sets the maximum time for guest accounts in the internal database to 8 hours (480 minutes):

(host)#local-userdb maximum-expiration 480

Command History

Introduced in ArubaOS 3.0.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Configuration mode on master controllers.

local-userdb modify

local-userdb modify username <name> [comments <g_comments>][email <email>] [expiry {duration <minutes>|time <hh/mm/yyy> <hh:mm>}] [guest-company <g_company>][guest-fullname <g_fullname>][guest-phone <g-phone>][mode disable][opt-field-1 <opt1>][opt-field-2 <opt2>][opt-field-3 <opt3>][opt-field-4 <opt4>][role <role>][sponsor-dept <sp_dept>][sponsor-mail <sp_email>][sponsor-fullname <sp_fullname>][sponsor-name <sp_name>][start-time <mm/dd/yyyy> <hh.mm>]

Description

This command modifies an existing user account entry in the controller’s internal database.

Syntax

Parameter

Description

Range

Default

username

Name of the existing user account entry.

1 – 64 characters

comments

Comments added to the user account.

email

Email address for the use account.

expiry

Expiration for the user account. If this is not set, the account does not expire.

no expiration

duration

Duration, in minutes, for the user account.

1-2147483647

time

Date and time, in mm/dd/yyy and hh:mm format, that the user account expires.

guest-company

Name of the guest’s company.

NOTE: A guest is the person who needs guest access to the company’s Aruba wireless network.

 

 

guest-fullname

The guest’s full name.

 

 

guest-phone

The guest’s phone number.

 

 

mode

Enables or disables the user account,

Disable

opt-field-1

This category can be used for some other purpose. For example, the optional category fields can be used for another person, such as a “Supervisor.” You can enter username, full name, department and Email information into the optional fields.

opt-field-2

Same as opt-field-1.

opt-field-3

Same as opt-field-1.

opt-field-4

Same as opt-field-1.

role

Role for the user.

This parameter requires the PEFNG license.

guest

sponsor-dept

The guest sponsor’s department name

NOTE: A sponsor is the guest's primary contact for the visit.

sponsor-email

The sponsor’s email address.

sponsor-fullname

The sponsor’s full name.

sponsor-name

The sponsor’s name.

start-time

Date and time, in mm/dd/yyy and hh:mm format, the guest account begins.

Usage Guidelines

Use the show local-userdb command to view the current user account entries in the internal database.

Example

The following command disables an existing user account in the internal database:

(host)# local-userdb modify username guest4157 mode disable

Command History

Version

Modification

ArubaOS 3.0

Introduced for the first time.

ArubaOS 3.4

The guest, sponsor and optional parameters were added.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Enable mode on master controllers.

local-userdb send-to-guest

local-userdb send-to-guest

Description

This command automatically sends email to the guest when the guest user is created.

Syntax

No parameters.

Usage Guidelines

A guest is the person who needs guest access to the company’s Aruba wireless network. Email is sent directly to the guest after the guest user is created. When configuring the guest provisioning feature, the guest user is generally created by Guest Provisioning user. This is the person who is responsible for signing in guests at your company.

Example

(host)(config) #local-userdb send-to-guest

Command History

Introduced in ArubaOS 3.4.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Configuration mode on master controllers.

local-userdb send-to-sponsor

local-userdb send-to-sponsor

Description

This command automatically sends email to the guest’s sponsor when the guest user is created.

Syntax

No parameters.

Usage Guidelines

The sponsor is the guest's primary contact. Email is sent directly to the guest’s sponsor after the guest user is created. When configuring the guest provisioning feature, the sponsor is generally created by the Guest Provisioning user. This is the person who responsible for signing in guests at your company.

Example

(host)(config)#local-userdb send-to-sponsor

Command History

Introduced in ArubaOS 3.4.

Command Information

Platform

License

Command Mode

Available on all platforms

Available in the base operating system

Configuration mode on master controllers.

 

Note:this release has not been updated since the release of the pdf