display local-user
Parameters
Parameter |
Description |
Value |
|---|---|---|
domain domain-name |
Displays information about local users in a specified domain. |
The domain name must already exist. |
state { active | block } |
Displays the attributes of local users in the specified state.
|
- |
username user-name |
Displays information about a specified local user name. |
The user name must already exist. |
Usage Guidelines
Usage Scenario
The display local-user command output helps you check the configuration of local users and isolate faults related to the local users.
Precautions
If no parameter is specified, brief information about all local users is displayed. If a parameter is specified, detailed information about the specified local user is displayed.
Low-level users cannot view information about high-level users.
Example
# Display brief information about local users.
<HUAWEI> display local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
user-a A A 0
user-c A A 0
----------------------------------------------------------------------------
Total 2 user(s)
<HUAWEI> display local-user username user-a The contents of local user(s): Password : **************** State : active Service-type-mask : A Privilege level : - Ftp-directory : - HTTP-directory : - Access-limit : Yes Access-limit-max : 4294967295 Accessed-num : 0 Idle-timeout : - User-group : - Original-password : No Password-set-time : 2019-12-01 18:42:57+01:00 DST Password-expired : No Password-expire-time : - Account-expire-time : - Last login ip : 192.173.240.235 Last login time : 2019-03-21 09:38:24+08:00 Login fail count : 0
For a local user who fails to log in to the device but is not locked, Retry-time-left is displayed. For a local user whose initial password is changed, Change password retry-count-left is displayed. When the number of continuous login failures or the number of initial password change failures reaches the limit specified using the local-aaa-user wrong-password command, the user is locked.
When the number of user login failures or the number of initial password change failures does not reach the limit specified using the local-aaa-user wrong-password command, the user is not locked. If the limit is changed using the local-aaa-user wrong-password command, and the new limit is smaller than the number of user login failures or the number of initial password change failures, the user still has a change to try to log in to the device or change the password. In this case, Retry-time-left or Change password retry-count-left is displayed as 1.
<HUAWEI> display local-user username user1
The contents of local user(s):
Password : ****************
State : active
Service-type-mask : T
Privilege level : 0
Ftp-directory : -
HTTP-directory : -
Access-limit : -
Accessed-num : 0
Idle-timeout : -
Retry-interval : 4 Min(s)
Retry-time-left : 1
Original-password : Yes
Password-set-time : 2019-01-27 13:26:55+08:00
Password-expired : No
Password-expire-time : -
Account-expire-time : -
<HUAWEI> display local-user username user1
The contents of local user(s):
Password : ****************
State : active
Service-type-mask : T
Privilege level : 0
Ftp-directory : -
HTTP-directory : -
Access-limit : -
Accessed-num : 1
Idle-timeout : -
Change password retry-interval : 4 Min(s)
Change password retry-count-left: 3
Original-password : Yes
Password-set-time : 2019-01-27 13:26:55+08:00
Password-expired : No
Password-expire-time : -
Account-expire-time : -
<HUAWEI> display local-user state block
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel BlockTime
----------------------------------------------------------------------------
test2 B T 0 2018-04-10 01:55:11-00:00
----------------------------------------------------------------------------
Total 1 user(s)
<HUAWEI> display local-user state block username test2
The contents of local user(s):
Password : ****************
State : block
Service-type-mask : T
Privilege level : 0
Ftp-directory : -
HTTP-directory : -
Access-limit : -
Accessed-num : 0
Idle-timeout : -
Block-time-left : 8 Min(s)
Original-password : Yes
Password-set-time : 2019-01-27 13:26:55+08:00
Password-expired : No
Password-expire-time : -
Account-expire-time : -
Item |
Description |
|---|---|
User-name |
Name of the local user. To configure this parameter, run the local-user command. |
State |
State of the local user:
To configure this parameter, run the local-user command. |
AuthMask |
Access type of the local user.
To configure this parameter, run the local-user service-type command. |
AdminLevel |
Local user level. To configure this parameter, run the local-user command. |
Password |
Password of the local user. To configure this parameter, run the local-user command. |
Service-type-mask |
Service type of the local user. Same as the AuthMask type. To configure this parameter, run the local-user service-type command. |
Privilege level |
Local user level. To configure this parameter, run the local-user command. |
Ftp-directory |
FTP directory of the local user. To configure this parameter, run the local-user command. |
HTTP-directory |
HTTP directory of the local user. To configure this parameter, run the local-user command. |
Access-limit |
Whether the maximum number of sessions of the local user is configured. To configure this parameter, run the local-user command. |
Access-limit-max |
Maximum number of sessions of the local user. To configure this parameter, run the local-user command. |
Accessed-num |
Number of established sessions. |
Idle-timeout |
Idle timeout interval. To configure this parameter, run the local-user command. |
User-group |
Authorization information of the user group to which the local user is bound. To configure this parameter, run the local-user command. |
Original-password |
Whether the password of a local user is the initial password:
To configure this parameter, run the password alert original command. |
Password-set-time |
Time when the local user's password is created. The value is in format local time + DST offset. |
Password-expired |
Whether a local user's password has expired:
|
Password-expire-time |
Time when the local user's password expires. The value is in format local time + DST offset. To configure this parameter, run the password expire command. |
Account-expire-time |
Expiry time of a local user account. The value is in format local time + DST offset. To configure this parameter, run the local-user expire-date command. |
Last login ip |
IP address for user login. This item can be displayed only for administrators. |
Last login time |
User login time. This item can be displayed only for administrators. |
Login fail count |
Number of user login failures. This item can be displayed only for administrators. |
BlockTime/Block-time-left |
Remaining time of locked local users. (Local users are locked because the entered password is incorrect consecutively.) |
Retry-interval |
Login retry interval before a local user is locked. To configure this parameter, run the local-aaa-user wrong-password command. |
Retry-time-left |
Remaining number of login retries before a local user is locked. To configure this parameter, run the local-aaa-user wrong-password command. |
Change password retry-interval |
Retry interval for changing the initial password of a local user before the user is locked. To configure this parameter, run the local-aaa-user wrong-password command. |
Change password retry-count-left |
Remaining number of initial password change retries before a local user is locked. To configure this parameter, run the local-aaa-user wrong-password command. |