Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

CC Admins Tab


Administrators are managed on the Admins page of the Barracuda NG Control Center. This article explains the Barracuda NG Firewall Administration Concept (AC) and provides information on the functionalities of the Barracuda NG Control Center Admins tab.


Barracuda NG Firewall Administration Concept (AC)

When creating administrator profiles, consider the following prerequisites:

  1. Create administrative roles (Global Settings > Administrative Roles). For information on admin user creation, see: How to Configure Administrative Profiles.
  2. Define node properties. For more information, see CC Configuration Tab.
  3. Create the required administrators to fit the concept. To create a new admin under the Admins tab, click New Entry in the ribbon bar and configure the settings. The user then appears in the column.

Default User Rights

The NGFW Administration Concept (AC) distinguishes between a standalone Barracuda NG Firewall and a system within a Barracuda NG Control Center cluster, and offers different services for each. Every Barracuda NG Firewall has the user 'root', who has unlimited rights in the entire system. In addition, the 'support' user is granted access to the system via the operating system only.

If you need to work on the Barracuda NG Admin management interface, you can introduce so-called 'root aliases'. Within the management layer, these users have the same status as 'root'. On the operating system layer, however, there are no root aliases: system access is available only to the system users 'root' and 'support'. Root and root alias also differ in authentication mode. A root alias can be authenticated with either an RSA 1024-bit key or a password, whereas root is only authenticated with a password.

  • Because all these users are counted among system users, the default access notification scheme that is configured for each particular service automatically applies to them.

Default user rights overview:

| User | Access via Barracuda NG Admin | SSH | Console Login | Characteristics |
| --- | --- | --- | --- | --- |
| root | yes, password or key | RSA keys, password | yes, password | |
| support | no | password | password | default Linux user, UID=9999 |
| root alias | yes, password or key | RSA keys, password | no | optional, deactivation possible |

The MD5 password hashes of 'root' and 'support' [UID=9999, group support] are stored in /etc/shadow (operative instance for system access) and in /opt/phion/config/configroot[active]/boxadm.conf (global configurative instance, operative instance for system access). Any authentication data of the root aliases is stored in these two files. libpwdb has been modified to disable password changes on the command line via passwd for all users.

libpwdb is required by the PAM module pam_pwdb.so and is used by default if the method for password changes requiring authentication via the admin DB has not been implemented. The implemented procedure provides for configurational and operational coherence of the authentication data entities.
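The account model described above (only 'root' and 'support' hold operating-system credentials, stored as MD5 hashes in /etc/shadow) can be checked with a short audit. This is an added example, not Barracuda code; the sample passwd/shadow lines and the user 'jdoe' are constructed, the hash values are placeholders, and root having UID 0 is the standard Linux convention rather than something the page states.

```python
# Added example: audit passwd/shadow text against the default user model above.
# Sample data is constructed; hash strings are placeholders, not real credentials.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
support:x:9999:9999:support:/home/support:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$CONSTRUCT$placeholderhash000:17000:0:99999:7:::
support:$1$CONSTRUCT$placeholderhash001:17000:0:99999:7:::
bin:*:17000:0:99999:7:::
jdoe:$6$CONSTRUCT$placeholderhash002:17000:0:99999:7:::
"""
# Only these users should hold a usable OS password (UID 9999 is from the page).
EXPECTED_SYSTEM_USERS = {"root": 0, "support": 9999}
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
WEAK = {"md5-crypt", "des-crypt"}

def hash_scheme(field):
    """Classify the second field of a shadow entry by its crypt(3) prefix."""
    if field == "":
        return "empty"            # no password required at all
    if field[0] in "!*":
        return "locked"           # password login disabled
    if field.startswith("$"):
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "des-crypt"            # legacy 13-character format

def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs for weak hashes and unexpected accounts."""
    uids = {f[0]: int(f[2]) for f in
            (l.split(":") for l in passwd_text.splitlines()) if len(f) >= 7}
    findings = []
    for fields in (l.split(":") for l in shadow_text.splitlines()):
        if len(fields) < 2:
            continue
        user, scheme = fields[0], hash_scheme(fields[1])
        if scheme == "locked":
            continue
        if scheme == "empty":
            findings.append((user, "empty-password"))
        elif scheme in WEAK:
            findings.append((user, "weak-hash:" + scheme))
        if user not in EXPECTED_SYSTEM_USERS:
            findings.append((user, "unexpected-login-account"))
        elif uids.get(user) != EXPECTED_SYSTEM_USERS[user]:
            findings.append((user, "uid-mismatch"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(user, finding)
```

On a live system, pass the contents of /etc/passwd and /etc/shadow to `audit()` instead of the sample strings; reading /etc/shadow requires root.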

System access of the 'support' user is recommended for serial access on the box because it is only of restricted use. In addition to the basic services described above, the scope and the performance of the pAC is significantly broadened and enhanced in combination with a multi-administrator CC. Administrators are managed in the Barracuda NG Control Center and are reported to the Barracuda NG Firewall systems within their executive scope. For high availability purposes, the administrators 'master' and 'ha', equivalent to 'root', are introduced:

  • ha – 'ha' is used for data synchronization of two HA partner systems (for example, fw-sync).
  • master – 'master' is used for configuration updates, status updates, etc.

The Admins Column 

The columns under the Admins tab display the following information: 

  • Name – This column displays the full username.
  • Login – The login name of the administrator.
  • Auth. – The authentication method.
  • ACL – Information about the access control list that applies to the user.
  • Scope – Defines the administrative scope.
  • Level – Defines the configuration level of the user.
  • Role – Defines the administrative role of the user.
  • Shell Login – Defines the shell login method of the user. 

You can arrange this list by clicking the Order by Admins icon in the ribbon bar if required.
