Managing local administrators

The accounts of local administrators are created locally on the SMC server.

To add a local administrator:

  1. Go to Maintenance > SMC Server > Administrators, and click on Add an administrator.

  2. Fill in the following mandatory fields:

    3. Field Description
    ID

    Identifier of the local administrator.
    Name

    Name of the local administrator shown in SMC.

  3. Select the access privileges. For more information, refer to the section Managing administrator privileges as super administrator.

  4. Set a password for the administrator in line with the password policy described in the following section.

The following terms are reserved on SMC, so cannot be used as IDs: root, daemon, bin, sys, sync, games, man, lp, mail, news, uucp, proxy, www-data, backup, list, irc, gnats, sshd, dhcpcd, messagebus, fwadmin-server, nobody.

Only the super administrator can set the password policy for administrators with a local account, by choosing:

  • The minimum number of characters required: the password can contain between one and 128 characters. A minimum of 12 characters is required by default.
  • The mandatory character types: alphanumeric, alphabetic and special or none. No character types are mandatory by default.

When a new SMC server is deployed, the password of the super administrator in the server initialization wizard must also contain at least 12 characters.

To set a password policy:

  1. Go to Maintenance > SMC Server > Administrators, and click on Edit local authentication settings.
    Edit local authentication settings button
  2. In the Local tab, enable local authentication if necessary.
  3. Select the minimum number of characters required.
  4. Select the mandatory character types.

The password policy applies to all administrators who have a local account.

It also applies to passwords used for encrypting backups. For more information, please refer to the section Saving and restoring the SMC server configuration.

Passwords that were set before this policy was applied will remain valid but we recommend that you change them to comply with the set policy.

The 128-character limit also applies to administrators’ logins and names.

The super administrator can disable local authentication and therefore allow administrators to authenticate only through a Radius or LDAP authentication server.

  1. Go to Maintenance > SMC Server > Administrators, and click on Edit local authentication settings.
    Edit local authentication settings button
  2. In the Local tab, unselect Local authentication enabled.
  3. Click on Apply.

The super administrator continues to hold the privilege of authenticating with their local password. This is the only authentication mode available to them.