Configuring Radius Users – Motorola Series Switch WS5100 User Manual
Page 293
Switch Security
6-69
4. Refer to the LDAP Server Details field to define the attributes of the primary and secondary Radius
LDAP servers providing access to external databases to be used with local Radius servers.
5. Click the Apply button to save the changes made within the screen.
6. Click the Revert button to cancel any changes made within the screen and revert back to the last saved
configuration.
6.9.5 Configuring Radius Users
Refer to the Users tab to view the current set of users and assigned groups for the Radius server. The Users
tab is used when Local is selected as the Auth Data Source within the Authentication & Accounting tab.
The user information is ignored if an LDAP server is used for user authentication.
Cert Trustpoint
Click the View/Change button to specify the trustpoint from which the Radius server
automatically grants certificate enrollment requests. A trustpoint is a representation of a CA
or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration
parameters, and an association with one enrolled identity certificate. If the server certificate
trustpoint is not used, the default trustpoint will be used instead.
CA Cert Trustpoint
Click the View/Change button to specify the CA certificate trustpoint from which the Radius
server automatically grants certificate enrollment requests. A trustpoint is a representation
of a CA or identity pair. A trustpoint contains the identity of the CA, CA-specific configuration
parameters, and an association with one enrolled identity certificate.
If a CA trustpoint is not specified, the default trustpoint's CA certificate is used as the CA
certificate. If the default trustpoint does not have a CA certificate, the server certificate
itself will be used as the CA certificate.
NOTE: EAP-TLS will not work with a default trustpoint; proper CA and Server trustpoints
must be configured for EAP-TLS. For information on configuring certificates for use with
the switch, see Creating Server Certificates on page 6-74.
IP Address
Enter the IP address of the external LDAP server acting as the data source for the Radius
server. This server must be accessible from an active subnet on the switch.
Port
Enter the TCP/IP port number for the LDAP server acting as the data source.
Password Attribute
Enter the password attribute used by the LDAP server for authentication.
Bind DN
Specify the distinguished name to bind with the LDAP server.
Bind Password
Enter a valid password for the LDAP server.
Base DN
Specify a distinguished name that establishes the base object for the search. The base
object is the point in the LDAP tree at which to start searching.
User Login Filter
Enter the login used by the LDAP server for authentication.
Group Filter
Specify the group filters used by your LDAP server.
Group Membership Attribute
Specify the Group Member Attribute to be sent to the LDAP server when authenticating the
users.
Group Attribute
Specify the group attribute used by the LDAP server.
Net Timeout
Enter a timeout value the system uses to terminate the connection to the Radius Server if no
activity is detected.
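
The fallback rules in the Cert Trustpoint and CA Cert Trustpoint descriptions above can be checked before a configuration is applied. The following is an added example, not code from the manual or the switch: the function names, the "default-trustpoint" label and the sample profiles are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

DEFAULT_TP = "default-trustpoint"  # label used here for the switch's default trustpoint

@dataclass
class Resolved:
    server_cert: str   # trustpoint that supplies the server certificate
    ca_cert: str       # source of the CA certificate
    findings: List[str] = field(default_factory=list)

def resolve(server_tp: Optional[str], ca_tp: Optional[str],
            default_has_ca: bool, eap_tls: bool) -> Resolved:
    """Apply the fallback rules from the Cert/CA Cert Trustpoint descriptions."""
    out = Resolved(server_cert=server_tp or DEFAULT_TP, ca_cert="")
    if server_tp is None:
        out.findings.append("server certificate falls back to the default trustpoint")
    if ca_tp is not None:
        out.ca_cert = f"{ca_tp}: CA certificate"
    elif default_has_ca:
        out.ca_cert = f"{DEFAULT_TP}: CA certificate"
        out.findings.append("CA certificate falls back to the default trustpoint")
    else:
        # Assumption: "the server certificate itself" means the one selected above.
        out.ca_cert = f"{out.server_cert}: server certificate"
        out.findings.append("server certificate is also used as the CA certificate")
    # The NOTE: EAP-TLS requires both trustpoints to be configured explicitly.
    if eap_tls and (server_tp is None or ca_tp is None):
        out.findings.append("EAP-TLS needs explicit CA and server trustpoints")
    return out

# Constructed sample profiles (names are placeholders, not values from the manual).
PROFILES = {
    "explicit": dict(server_tp="radius-srv", ca_tp="corp-ca", default_has_ca=False, eap_tls=True),
    "no-ca":    dict(server_tp="radius-srv", ca_tp=None, default_has_ca=True, eap_tls=True),
    "defaults": dict(server_tp=None, ca_tp=None, default_has_ca=False, eap_tls=False),
}

def audit(profiles=PROFILES):
    """Return {profile name: Resolved} for every profile."""
    return {name: resolve(**cfg) for name, cfg in profiles.items()}

if __name__ == "__main__":
    for name, res in audit().items():
        print(f"{name}: server={res.server_cert!r} ca={res.ca_cert!r}")
        for finding in res.findings:
            print(f"  - {finding}")
```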