User Management

This Article contains the following:

The internal (local) user management console

Factory preset users

Special function: Allow user profile "Anonymous Guests”

How to use guest /anonymous login

Create, Delete and Edit Local Users

For this configuration step, you need the following menu:

The user management of the CS141 provides a multi-layer adaptation to the respective security requirements of a network. Administrators can choose between 3 different basic strategies to decide as freely as possible whether and how the login should be possible:

Local Authentication only

In this operating mode, the CS141 uses only the users configured on the respective unit. Changes must be made manually by an administrator or by the "Super User" on each single device.

RADIUS, then Local authentication

With this setup, a RADIUS server is asked first. If RADIUS is not available, the CS141 checks whether the requested user is known in the internal (local) user pool.

RADIUS Only

When operating with "RADIUS Only" mode, the CS141 will completely ignore the internal database - only users and passwords that are stored at the associated RADIUS server are valid.

Note: Special Role "Super User" admin

User: admin 

Password: Up to FW2.22: cs141-snmp / From FW2.24: Password registration during initialization

This is the only preset user that cannot be changed or locked. In case of extensive network disruptions, the super user "admin" allows, in addition to absolute access to all menus, additional tools for comprehensive network diagnostics. Ensure that the password is appropriately secure!

If you are operating in exclusive RADIUS mode, you can explicitly unlock this user on-site by moving the slide switch to the center position (configuration mode, IP is then 10.10.10.10 / 24) and restarting the CS141.

For more detailed explanations and further options, please refer to the Help Center article If nothing works or the corresponding chapter "When nothing else works" located in the CS141 manual.

The internal (local) user management console

With the internal (local) user management, usernames, passwords and access levels are specified directly by administrators in the respective CS141. Apart from the super user "admin", you can define the usernames and user roles yourself.

Note: Name versus user role – what's the difference?

The CS141 distinguishes between the respective username/password and a pre-configured user role. The user role determines which menus are displayed to the created username: for example, it is not relevant for a technician to have to make settings on the mail server or IP address. To avoid misconfigurations, these menus are completely hidden and blocked for the technician with the corresponding user role "Engineer".

Factory preset users

The preset users are intended to enable a quick start. They can be adapted by you as required to the respective operating scenario.

The super user "admin"

User:                       admin

Default Password: cs141-snmp (Up to FW2.22) / Password registration during initialization (From FW2.24)

This user is unique and cannot be deleted or deactivated. Users with this access level not only have administrative access, but also receive valuable diagnostic tools for comprehensive network analyses. The super user admin is also the only user with absolute password control.

The Engineer

User:                       engineer

Default Password:  engineer

The technician has a user account that is limited to his area of responsibility. He has access to the functions that relate to technical actions. He can customize the available devices, configure them and make the necessary adjustments.

The Customer

User:                       customer

Default Password:  customer

The customer has access to the system monitors and can also view and download the collected log files. The management functions with which the data can be deleted, among other things, are not accessible.

Guest access

User:                       guest

Default Password:  guest

Guest access allows only viewing of the system monitors without triggering any further functions. The special feature of this user is that the password prompt can be deactivated if required.

Note about the user “admin”: 

With version 2.24, the initial installation was changed: as soon as a device is reset to factory defaults or has been delivered, the registration of a personal administrator password is mandatory. This can be changed or adjusted again at any time in configuration mode ("password forgotten")

Locking user release levels

This menu allows you to deny access to certain user groups (user roles) across the board.

Note: Cybersecurity Enhanced Default Settings

Using standard users and passwords are always pretty dangerous because they are well-known to be found within a user's guide. For this reason, all user profiles are generally locked by factory setting, and must be exclusively released by an administrator. Available options to administrators for securing their devices are described in detail in the CS141 Hardening Guide section.

Special function: Allow user profile "Anonymous Guests”

To use guest access without a password, set a check mark at Anonymous authentication. This function can be used by a higher-level monitoring software such as GENEREX's UNMS II, e.g., to display necessary data for monitoring without a password request.

Optional user role: The „Administrator“

The administrator can be set up exclusively by a super user. The "administrator" then offers a slightly graded version of the super user - it has far-reaching system rights and can perform all the day-to-day tasks of an administrator. 

In contrast to the Super User "admin", the Administrator can be managed by a RADIUS server.

Note:
A RADIUS user role "administrator" cannot be called "admin" like the super user - the CS141 will reject this login constellation on principle to avoid confusion between users and user roles.

How to use guest /anonymous login

Normally, the CS141 only provides information via its web interface if a user successfully logs in - a deep link to view the UPS monitor directly is treated accordingly:

After activating Anonymous authentication, it is possible to view the monitoring screens directly – it is even possible to create a small html page and set up an I-frame to show it inside larger websites or content management systems. This html code may help you to create the html website:

<html><head></head>

<body>

<center>

<p>I-Frame zu der USV mit der IP xxx </p>

<br><hr><br>

<iframe src="http://<Ihre IP>/www/devices/ups/page" height="600" width="850" name="iFrame" title="IFrame of my UPS"></iframe>

</center>

</body></html>

As a result, the UPS monitoring screen will appear inside your html document:

Possible deep links:

http://10.10.10.10/www/devices/ups/page                            Opens the UPS monitoring screen

http://10.10.10.10/www/devices/sensor/page                      Opens the Sensor monitoring screen

http://10.10.10.10/www/devices/bacs/page                          Opens the BACS monitoring screen.

Keep in mind, this is a session-based I-Frame. For some reasons, a session may be expired, and you need to log in as guest again. Possible reasons are:

• Web browser settings (e.g. inactivity, no clicks, etc.: Some browsers may quit a session in this case)
• Pre-defined imeout settings
• Session cookie is expired or deleted (e.g. internet security software deletes a session cookie after some time)

Note:

By using the web query directly, you will notice the URL inside your web browser will change. This is because you start a page request, but the web server on the CS141 responds with a different page and will redirect you automatically: Since the page behavior is dynamically, the response page may change accordingly. However, the HTML request is standardized with these three deep links and will be served as long as the Anonymous login is active.

Create, Delete and Edit Local Users

Add a user:

To open the configuration dialogue for creating users, click under "Local users" on    

Then simply create the user and specify the user role:

At "User Name", it is possible to freely type any user:

• James T, Kirk
• Joardy La’Forge
• User_%&}lannmaP

However, the CS141 will obey the exact spelling including upper/lower case and spaces.

Edit a user:

Click on the edit- symbol to open the according menu:

The user will be changed on the fly. If the user is logged in for the moment, the new settings are active on reboot or logout.

Delete a user:

To delete a user, simply click on the recycle bin next to the user. If you delete the user, you are currently using, your username will become invalid when you log out.