These examples test user djl from IP addresses 192.0.2.87, 192.0.2.88, and 192.0.2.89, and show that the user is not permitted to log on from 192.0.2.88.

    $ tdgssauth -m ldap -u djl -i 192.0.2.87
    TDGSS_BIN_FILE not set. TDGSSCONFIG GDO used in tdgss.
    Please enter a password:
    Status: authenticated, not authorized
    Database user: perm01 [permanent user]
    Authenticated user: ldap://esroot.example.com:389/CN=djl,OU=people,OU=testing,DC=example,DC=com
    Audit trail identifier: djl
    Authenticating service: esroot1
    Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
    Mechanism specific data: djl
    Security context capabilities: replay detection
                                   out of sequence detection
                                   confidentiality
                                   integrity
                                   protection ready
                                   exportable security context
    Minimum quality of protection: none
    Options: none

In the following example, the last line of the output indicates that logon is denied.

    $ tdgssauth -m ldap -u djl -i 192.0.2.88
    TDGSS_BIN_FILE not set. TDGSSCONFIG GDO used in tdgss.
    Please enter a password:
    Status: authenticated, not authorized
    Database user: perm01 [permanent user]
    Authenticated user: ldap://esroot.example.com:389/CN=djl,OU=people,OU=testing,DC=example,DC=com
    Audit trail identifier: djl
    Authenticating service: esroot1
    Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
    Mechanism specific data: djl
    Security context capabilities: replay detection
                                   out of sequence detection
                                   confidentiality
                                   integrity
                                   protection ready
                                   exportable security context
    The TDGSS function tdgss_inquire_policy_for_user returned an error:
    Major status 0x000d0000 – Failure
    Minor status 0xe10000ed – The user is not permitted to log on from the IP address.

    $ tdgssauth -m ldap -u djl -i 192.0.2.89
    TDGSS_BIN_FILE not set. TDGSSCONFIG GDO used in tdgss.
    Please enter a password:
    Status: authenticated, not authorized
    Database user: perm01 [permanent user]
    Authenticated user: ldap://esroot.example.com:389/CN=djl,OU=people,OU=testing,DC=example,DC=com
    Audit trail identifier: djl
    Authenticating service: esroot1
    Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
    Mechanism specific data: djl
    Security context capabilities: replay detection
                                   out of sequence detection
                                   confidentiality
                                   integrity
                                   protection ready
                                   exportable security context
    Minimum quality of protection: none
    Options: none
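
When an IP restriction is tested across several addresses, as above, the captured output of each run can be checked against the intended policy automatically. The following is an added example, not part of the original page or of the tdgssauth tool; the function names are hypothetical, the transcripts are constructed by abbreviating the output shown above, and it assumes that a run without a TDGSS error block reported no denial.

```python
import re

# Constructed transcripts, abbreviated from the tdgssauth output on this page.
OK = """Status: authenticated, not authorized
Database user: perm01 [permanent user]
Minimum quality of protection: none
Options: none
"""
DENIED = """Status: authenticated, not authorized
Database user: perm01 [permanent user]
The TDGSS function tdgss_inquire_policy_for_user returned an error:
Major status 0x000d0000 – Failure
Minor status 0xe10000ed – The user is not permitted to log on from the IP address.
"""

FUNC = re.compile(r"The TDGSS function (\w+) returned an error")
MAJOR = re.compile(r"Major status (0x[0-9a-fA-F]+)")
# The separator after the code is matched as any non-space token (an en dash here).
MINOR = re.compile(r"Minor status (0x[0-9a-fA-F]+)\s+\S+\s+(.+)")
DBUSER = re.compile(r"Database user:\s*(\S+)")


def parse(text):
    """Summarize one captured tdgssauth run (hypothetical helper)."""
    func, major, minor, user = (r.search(text) for r in (FUNC, MAJOR, MINOR, DBUSER))
    return {
        "db_user": user.group(1) if user else None,
        # Assumption: a run with no TDGSS error block reported no denial.
        "denied": func is not None,
        "function": func.group(1) if func else None,
        "major": major.group(1) if major else None,
        "minor": minor.group(1) if minor else None,
        "reason": minor.group(2).strip() if minor else None,
    }


def policy_mismatches(runs, expected_denied):
    """Return the IPs whose observed result differs from the intended policy."""
    return sorted(ip for ip, text in runs.items()
                  if parse(text)["denied"] != (ip in expected_denied))


if __name__ == "__main__":
    runs = {"192.0.2.87": OK, "192.0.2.88": DENIED, "192.0.2.89": OK}
    for ip, text in runs.items():
        print(ip, parse(text))
    print("mismatches:", policy_mismatches(runs, {"192.0.2.88"}))
```

An empty mismatch list means every tested address behaved as the restriction intends; the `function` and `minor` fields show which check rejected a run.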