Configuring ldap authentication – Brocade Mobility 7131 Access Point Product Reference Guide (Supporting software release 4.4.0.0 and later) User Manual
Brocade Mobility 7131 Access Point Product Reference Guide
53-1002517-01
4. Use the Radius Client Authentication table to configure multiple shared secrets based on the
subnet or host attempting to authenticate with the Radius server. Use the Add button to add
entries to the list. Modify the following information as needed within the table.
5. Click Apply to save any changes to the Radius Server screen. Navigating away from the screen
without clicking Apply results in all changes to the screen being lost.
6. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the
settings displayed on the Radius Server screen to the last saved configuration.
7. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout
before the applet is closed.
Configuring LDAP Authentication
When the Radius Data Source is set to use an external LDAP server (see Configuring the Radius
Server on page 6-241), the LDAP screen is used to configure the properties of the external LDAP
server.
To configure the LDAP server:
1. Select System Configuration -> User Authentication -> RADIUS Server -> LDAP from the menu
tree.
NOTE
For the onboard Radius server to work with Windows Active Directory or open LDAP as the database,
the user has to be present in a group within the organizational unit. The same group must be present
within the onboard Radius server’s database. The group configured within the onboard Radius
server is used for group policy configuration to support a new Time Based Rule restriction feature.
NOTE
If you are new to LDAP configuration, the LDAP screen may appear to contain unfamiliar
alphanumeric characters. Brocade Mobility recommends that only qualified administrators
change the default values within the LDAP screen.
WARNING! If you have imported a Server or CA certificate, the certificate will not
be saved when updating the access point’s firmware. Export your
certificates before upgrading the access point’s firmware. From the
access point CLI, use the admin(system.cmgr)> expcert command to
export the certificate to a secure location.
Radius Client Authentication table fields (see step 4):
Subnet/Host
    Defines the IP address of the subnet or host that will be authenticating with the Radius
    server. If a WLAN has been created to support mesh networking, then enter the IP address
    of the mesh client bridge in order for the MU to authenticate with a base bridge.
Netmask
    Defines the netmask (subnet mask) of the subnet or host authenticating with the Radius
    server.
Shared Secret
    Click the Passwords button and set a shared secret used for each host or subnet
    authenticating against the RADIUS server. The shared secret can be up to 7 characters in
    length.