CHAPTER16 Services
Mediant 800 Gateway & E-SBC | User's Manual
● Always: First attempts to authenticate the user using the Local Users table, but if not
found, it authenticates the user with the RADIUS server.
6. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.
Securing RADIUS Communication
RADIUS authentication requires HTTP basic authentication (according to RFC 2617). However,
this is insecure as the usernames and passwords are transmitted in clear text over plain HTTP.
Thus, as digest authentication is not supported with RADIUS, it is recommended that you use
HTTPS with RADIUS so that the usernames and passwords are encrypted. To enable the device
to use HTTPS, configure the 'Secured Web Connection (HTTPS)' parameter to HTTPS Only (see
Configuring Secured (HTTPS) Web).
RADIUS-based User Authentication in URL
RADIUS authentication of the management user is typically done after the user accesses the Web
interface by entering only the device's IP address in the Web browser's URL field (for example,
http://10.13.4.12/) and then entering the username and password credentials in the Web interface's
login screen. However, authentication with the RADIUS server can also be done immediately after
the user enters the URL, if the URL also contains the login credentials. For example:
http://10.4.4.112/Form-
s/RadiusAuthentication?WSBackUserName=John&WSBackPassword=1234.
This feature allows up to five simultaneous users only.
RADIUS-based CDR Accounting
Once you have configured a RADIUS server(s) for accounting in Configuring RADIUS Servers,
you need to enable and configure RADIUS-based CDR accounting (see Configuring RADIUS
Accounting).
LDAP-based Management and SIP Services
The device supports the Lightweight Directory Access Protocol (LDAP) application protocol and
can operate with third-party, LDAP-compliant servers such as Microsoft Active Directory (AD).
You can use LDAP for the following LDAP services:
■ SIP-related (Control) LDAP Queries: LDAP can be used for routing and manipulation (e.g.,
calling name and destination address).
The device connects and binds to the remote LDAP server (IP address or DNS/FQDN) during
the service’s initialization (at device start-up) or whenever you change the LDAP server's IP
address and port. Binding to the LDAP server is based on username and password (Bind DN
and Password). Service makes 10 attempts to connect and bind to the remote LDAP server,
with a timeout of 20 seconds between attempts. If connection fails, the service remains in
disconnected state until the LDAP server's IP address or port is changed. If connection to the
LDAP server later fails, the service attempts to reconnect.
- 223 -
To Next Page
Loading...
Need help?
General
