
ZyXEL Communications ZyWall USG20-VPN - Directory Service (AD/LDAP); RADIUS Server; ASAS

ZyXEL Communications ZyWall USG20-VPN
683 pages
Chapter 29 Object
USG20(W)-VPN Series User’s Guide
503
AAA server objects in configuring ext-group-user user objects and authentication method objects
(see Chapter 29 on page 511).
29.8.1 Directory Service (AD/LDAP)
LDAP/AD allows a client (the USG) to connect to a server to retrieve information from a directory. A
network example is shown next.
Figure 341 Example: Directory Service Client and Server
The following describes the user authentication procedure via an LDAP/AD server.
1 A user logs in with a user name and password pair.
2 The USG tries to bind (or log in) to the LDAP/AD server.
3 When the binding process is successful, the USG checks the user information in the directory
against the user name and password pair.
4 If it matches, the user is allowed access. Otherwise, access is blocked.
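The four steps above, as an added Python sketch that is not ZyXEL's code and not part of the manual. It assumes a common bind, search, re-bind pattern for step 3; the in-memory StubServer, its entries, the uid attribute and the DNs are constructed stand-ins for a real LDAP/AD server. It also shows two checks a client should make: refuse empty passwords and escape the user name before it goes into a search filter.

```python
import re

# Constructed sample entries (DN -> uid, password); not from a real directory.
ENTRIES = {
    "cn=usg,ou=svc,dc=example,dc=com": ("usg", "bind-secret"),
    "uid=alice,ou=people,dc=example,dc=com": ("alice", "correct horse"),
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class StubServer:
    """Hypothetical in-memory stand-in for the LDAP/AD server."""

    def simple_bind(self, dn, password):
        # RFC 4513 5.1.2: a simple bind with an empty password is an
        # unauthenticated bind, which a server may report as successful.
        if password == "":
            return True
        return dn in ENTRIES and ENTRIES[dn][1] == password

    def search_uid(self, flt):
        # Understands only "(uid=...)"; an unescaped * acts as a wildcard.
        raw = re.fullmatch(r"\(uid=(.*)\)", flt, re.S).group(1)
        unesc = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
        pattern = ".*".join(re.escape(unesc(p)) for p in raw.split("*"))
        return [dn for dn, (uid, _) in ENTRIES.items() if re.fullmatch(pattern, uid, re.S)]

def authenticate(server, username, password,
                 bind_dn="cn=usg,ou=svc,dc=example,dc=com", bind_pw="bind-secret"):
    """Steps 1-4 of the procedure; returns True only when access is allowed."""
    if not username or not password:        # never forward an empty password
        return False
    if not server.simple_bind(bind_dn, bind_pw):             # step 2: client binds
        return False
    matches = server.search_uid("(uid=%s)" % escape_filter_value(username))  # step 3
    if len(matches) != 1:                   # unknown or ambiguous user
        return False
    return server.simple_bind(matches[0], password)          # step 4: allow or block

if __name__ == "__main__":
    srv = StubServer()
    print(authenticate(srv, "alice", "correct horse"))
    print(authenticate(srv, "alice", ""))
```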
29.8.2 RADIUS Server
RADIUS (Remote Authentication Dial-In User Service) authentication is a popular protocol used to
authenticate users by means of an external server instead of (or in addition to) an internal device
user database that is limited to the memory capacity of the device. In essence, RADIUS
authentication allows you to validate a large number of users from a central location.
Figure 342 RADIUS Server Network Example
29.8.3 ASAS
ASAS (Authenex Strong Authentication System) is a RADIUS server that works with the One-Time
Password (OTP) feature. Purchase a USG OTP package in order to use this feature. The package
