Loading ...
Loading ...
Loading ...
171
• Enter the Server Password.
• Click Apply. LDAP remote authentication will now be used for all user access to the console server and serially or network
attached devices.
LDAP The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and
more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a
protocol used to access information stored in an LDAP server. Further information on configuring remote RADIUS
servers can be found at the following websites:
http://www.ldapman.org/articles/intro_to_ldap.html
http://www.ldapman.org/servers.html
http://www.linuxplanet.com/linuxplanet/tutorials/5050/1/
http://www.linuxplanet.com/linuxplanet/tutorials/5074/4/
9.1.5 RADIUS/TACACS User Configuration
Users may be added to the local console server. If they are not added and they log in via remote AAA, a user will be added
for them. This user will not show up in the Tripp Lite configurators unless they are specifically added, at which point they are
transformed into a local user. The newly added user must authenticate using the remote AAA server and will have no access if
it is down.
If a local user logs in, they may be authenticated/authorized from the remote AAA server, depending on the chosen priority of
the remote AAA. A local user’s authorization is the union of local and remote privileges.
Example 1:
User Tim is locally added and has access to ports 1 and 2. He is also defined on a remote TACACS server, which says he has
access to ports 3 and 4. Tim may log in with either his local or TACACS password, and will have access to ports 1 through 4.
If TACACS is down, he will need to use his local password, and will only be able to access ports 1 and 2.
Example 2:
User Sue is only defined on the TACACS server, which says she has access to ports 5 and 6. When she attempts to log in, a
new user will be created for her and she will be able to access ports 5 and 6. If the TACACS server is down, she will have no
access.
Example 3:
User Paul is defined on a RADIUS server only. He has access to all serial ports and network hosts.
Example 4:
User Don is locally defined on an appliance using RADIUS for AAA. Even if Don is also defined on the RADIUS server, he will
only have access to those serial ports and network hosts he has been authorized to use on the appliance.
If a “no local AAA” option is selected, the root will still be authenticated locally.
Remote users may be added to the administrator group via RADIUS or TACACS. Users may have a set of authorizations set
on the remote TACACS server. Users automatically added by RADIUS will have authorization for all resources, whereas those
added locally will still need their authorizations specified.
LDAP has not been modified and will still need locally defined users.
Note: To interact with RADIUS, TACACS+ and LDAP with console server firmware pre-2.4.2, you must also set up the user accounts on the
local console server. All resource authorizations must be added to the local appliance. With this release, if remote AAA is selected, it is used
for password checking only. Root is always authenticated locally. Any changes to PAM configurations will be destroyed the next time the
authentication configurator is run.
9. Authentication
Loading ...
Loading ...
Loading ...