General settings for remote authentication, Implementing ldap remote authentication, Returning user group information via ldap – Raritan Computer DKX116 User Manual

Page 49: Figure 39 remote authentication window

CHAPTER 4: ADMINISTRATIVE FUNCTIONS

General Settings for Remote Authentication

1. On the Setup menu, click Security, and then click Remote Authentication to configure Dominion KX for remote authentication. The Remote Authentication window appears:

Figure 39 Remote Authentication Window

2. Select the option button of the remote authentication protocol you wish to use (either LDAP or RADIUS).

3. Enter the IP Address of your primary and secondary remote authentication servers in the Primary Server IP Address and Secondary Server IP Address fields.

4. Enter the server secret needed to authenticate against your remote authentication servers in the Secret Phrases field. Re-type the server secret in the Confirm Secret Phrase field.

5. If you selected LDAP as your remote authentication protocol, please read the next section, Implementing LDAP Remote Authentication, to complete the fields in the LDAP panel of the Remote Authentication window. If you selected RADIUS, please skip to Implementing RADIUS Remote Authentication to complete the fields in the RADIUS panel of the window.

6. When finished, click [OK] to save the Remote Authentication changes, or [Cancel] to exit without saving.

Implementing LDAP Remote Authentication

Reminder: Microsoft Active Directory functions natively as an LDAP authentication server.

If you choose the LDAP authentication protocol, complete the LDAP fields as follows:

Use Secure LDAP: Apply this rule to enable LDAP-S, which ensures that all authentication
requests and replies transmitted over the network are encrypted.

Default Port / User Defined Port: Select an option button to choose whether you would like to
use the standard LDAP TCP ports, or specify your own user defined port.

Base DN, Base Search, and Certificate File: Consult your authentication server administrator for
the appropriate values to type into these fields in order to process LDAP authentication queries
from Dominion KX.

Returning User Group Information via LDAP

When an LDAP authentication attempt succeeds, Dominion KX determines the permissions for a given
user based on the permissions of the user’s group. Your remote LDAP server can provide these user group
names by returning an attribute named as follows:

rciusergroup

attribute type: string

This may require a schema extension on your LDAP server. Please consult your authentication server
administrator to enable this attribute.
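
The following is an added example, not part of the Raritan manual: a Python check a directory administrator could run over an LDIF export to see which user entries actually carry the rciusergroup attribute before relying on it for Dominion KX permissions. The sample entries, DNs, group names and the allowed-group set are constructed for illustration, and flagging entries with several values for review is an assumption, since the manual does not describe that case.

```python
import base64

# Constructed sample directory export (not from the manual); names are made up.
SAMPLE_LDIF = """\
dn: cn=alice,ou=people,dc=example,dc=com
rciusergroup: Admin

dn: cn=bob,ou=people,dc=example,dc=com
cn: bob

dn: cn=carol,ou=people,
 dc=example,dc=com
RCIUserGroup:: T3BlcmF0b3Jz

dn: cn=dave,ou=people,dc=example,dc=com
rciusergroup: Operators
rciusergroup: Admin
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):      # skip LDIF comments
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: ..." is a base64 value
                value = base64.b64decode(value[1:]).decode("utf-8")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def audit_group_attribute(entries, allowed_groups):
    """Sort entry DNs by the state of their rciusergroup attribute."""
    report = {"ok": [], "missing": [], "multiple": [], "unknown": []}
    for e in (e for e in entries if "dn" in e):
        groups = e.get("rciusergroup", [])  # attribute names are case-insensitive
        key = ("missing" if not groups else "multiple" if len(groups) > 1
               else "ok" if groups[0] in allowed_groups else "unknown")
        report[key].append(e["dn"][0])
    return report
```

Pass `allowed_groups` as the set of group names defined on the Dominion KX; entries reported as missing, multiple or unknown are the ones to review with the authentication server administrator.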