EasyManua.ls Logo

Distech ECYPSE - Overview; Authentication Fallback

Default Icon
174 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Supported RADIUS Server Architectures
62 ECLYPSE User Guide
Overview
When network connectivity allows, an EC-gfxProgram user can connect directly to an
ECLYPSE controller or a user can connect to the ECLYPSE controller through an EC-Net
AX
station. No matter the connection method, a user has to authenticate themselves with their
user credential (controller login username / password combination). Credentials can be held
separately in each device (ECLYPSE controller / EC-Net
AX
station), though this is not
recommended as maintaining user credentials among multiple devices is more labor
intensive.
Under such circumstances, the preferred method is to centralize user credentials in a
RADIUS server on one device or server. When a user connects to an ECLYPSE controller,
the ECLYPSE controller connects to the remote RADIUS server to authenticate the user’s
credential. A RADIUS server uses a challenge/response mechanism to authenticate a user’s
logon credentials. An unrecognized username or a valid username with an invalid password
receive an access denied response. A remote RADIUS server can be another ECLYPSE
controller, or a suitably-configured EC-Net
AX
/ EC-BOS
AX
station.
Authentication Fallback
Should the connection to the remote RADIUS server be temporarily lost, ECLYPSE
controllers have a fall back authentication mode: users that have already authenticated
themselves with the remote RADIUS server and then the connection to the RADIUS server
is lost, these users will still be able to login to the controller as their successfully
authenticated credentials are locally cached.
The user profile cache is updated when the user authenticates themselves while
there is a working RADIUS server connection. For this reason, at a minimum, admin
users should log in to each ECLYPSE controller at least once so their login can be
cached on that controller. Otherwise, if there is a RADIUS server connectivity issue
and a user who has never before connected to the ECLYPSE controller will be
locked out from the controller. It is particularly important for admin user credentials
to be cached on each controller as an admin user can change the controller’s
network connection parameters that may be at cause for the loss of connectivity to
the RADIUS server.

Table of Contents