Chapter 25 AAA Server
NXC Series User’s Guide
Table 149 Configuration > Object > AAA Server > Active Directory (or LDAP) > Add/Edit (continued)

| LABEL | DESCRIPTION |
|---|---|
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the NXC disconnects from the AD server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or LDAP server or the AD or LDAP server is down. |
| Case-sensitive User Names | Select this if the server checks the case of the usernames. |
| Server Authentication | |
| Bind DN | Specify the bind DN for logging into the AD or LDAP server. Enter up to 127 alphanumerical characters. For example, cn=zyAdmin specifies zyAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the NXC to bind (or log in) to the AD or LDAP server. |
| Retype to Confirm | Retype your new password for confirmation. |
| User Login Settings | |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example “name” or “e-mail address”. |
| Group Membership Attribute | Enter the name of the attribute that the NXC is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Domain Authentication for MSChap | |
| Enable | Select this to enable domain authentication for MSChap. MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) uses a challenge-response mechanism where the response is encrypted. Note: This is only for Active Directory. |
| User Name | Enter the user name for the user who has rights to add a machine to the domain. Note: This is only for Active Directory. |
| User Password | Enter the password for the associated user name. Note: This is only for Active Directory. |
| Retype to Confirm | Retype your new password for confirmation. |
| Realm | Enter the AD server’s realm (network domain). Note: This is only for Active Directory. |
| NetBIOS Name | Enter the NetBIOS name of the AD or LDAP server. If you enter this, the NXC uses it with the user name in the format NetBIOS\USERNAME to do authentication. If you do not configure this, the NXC uses the format USERNAME@realm to do authentication. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
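
The following Python sketch is an added example, not code from this guide or from the NXC firmware. It models how the Case-sensitive User Names, User Login Settings and NetBIOS Name fields interact. The directory entries, the attribute names `sAMAccountName` and `mail`, the ext-group-user object names and the exact-match comparison are assumptions made for illustration.

```python
# Added illustration: a simplified model of the User Login Settings fields,
# not NXC firmware code. All entries and object names below are constructed.
DIRECTORY = [
    {"sAMAccountName": ["alice"], "mail": ["alice@example.com"], "memberOf": ["sales"]},
    {"sAMAccountName": ["Bob"], "mail": ["bob@example.com"], "memberOf": ["RD", "management"]},
]
# ext-group-user object name -> group identifier (object names are hypothetical)
EXT_GROUP_USERS = {"grp-sales": "sales", "grp-rd": "RD", "grp-mgmt": "management"}


def find_user(login, attrs, case_sensitive, directory=DIRECTORY):
    """Try the Login Name Attribute first, then the Alternative Login Name
    Attribute; honour the Case-sensitive User Names setting."""
    norm = (lambda s: s) if case_sensitive else str.lower
    for attr in attrs:
        for entry in directory:
            if norm(login) in [norm(v) for v in entry.get(attr, [])]:
                return entry
    return None


def groups_for(entry, group_attr, ext_group_users=EXT_GROUP_USERS):
    """Return the ext-group-user objects whose group identifier equals a value
    of the Group Membership Attribute (assumption: exact string match)."""
    values = set(entry.get(group_attr, []))
    return sorted(name for name, ident in ext_group_users.items() if ident in values)


def auth_username(username, realm, netbios_name=None):
    """NetBIOS Name row: NetBIOS\\USERNAME when set, otherwise USERNAME@realm."""
    return f"{netbios_name}\\{username}" if netbios_name else f"{username}@{realm}"


def authorize(login, settings):
    """Resolve a login to its ext-group-user objects, or None if no user matches."""
    attrs = [settings["login_attr"], settings["alt_login_attr"]]
    entry = find_user(login, attrs, settings["case_sensitive"])
    if entry is None:
        return None  # no matching user, so authentication fails
    return groups_for(entry, settings["group_attr"])


SETTINGS = {"login_attr": "sAMAccountName", "alt_login_attr": "mail",
            "group_attr": "memberOf", "case_sensitive": True}
```

With case sensitivity enabled, the login `bob` does not match the stored `Bob`, so the user receives no group at all; a group identifier that differs from the directory value in any character has the same effect.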