beautypg.com

Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 616

background image

606

Brocade Mobility Access Point System Reference Guide

53-1003100-01

9

If using LDAP as the default authentication source, select + Add Row to set LDAP Agent settings.

When a user's credentials are stored on an external LDAP server, the controller or service
platform’s local RADIUS server cannot successfully conduct PEAP-MSCHAPv2
authentication, since it is not aware of the user’s credentials maintained on the external
LDAP server resource. Therefore, up to two LDAP agents can be provided locally so remote
LDAP authentication can be successfully accomplished on the remote LDAP resource
using credentials maintained locally.

Authentication Type

Use the drop-down menu to select the EAP authentication scheme for local and
LDAP authentication. The following EAP authentication types are supported:

All – Enables all authentication schemes.

TLS - Uses TLS as the EAP type

TTLS and MD5 - The EAP type is TTLS, with default authentication using
MD5.

TTLS and PAP - The EAP type is TTLS, with default authentication using PAP.

TTLS and MSCHAPv2 - The EAP type is TTLS, with default authentication
using MSCHAPv2.

PEAP and GTC - The EAP type is PEAP, with default authentication using
GTC.

PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication
using MSCHAPv2. However, when user credentials are stored on an LDAP
server, the RADIUS server cannot conduct PEAP-MSCHAPv2 authentication
on its own, as it is not aware of the password. Use LDAP agent settings to
locally authenticate the user. Additionally, an authentication utility (such as
Samba) must be used to authenticate the user. Samba is an open source
software used to share services between Windows and Linux machine.

Do Not Verify Username

Only enabled when TLS is selected in Authentication Type When selected, user
name is not matched but the certificate expiry is checked.

Enable CRL Validation

Select this option to enable a Certificate Revocation List (CRL) check.
Certificates can be checked and revoked for a number of reasons, including the
failure or compromise of a device using a certificate, a compromise of a
certificate key pair or errors within an issued certificate. This option is disabled
by default.

Username

Enter a128 character maximum username for the LDAP server’s domain administrator.
This is the username defined on the LDAP server for RADIUS authentication requests.

Password

Enter and confirm the 32 character maximum password (for the username provided
above). The successful verification of the password maintained on the controller or
service platform enables PEAP-MSCHAPv2 authentication using the remote LDAP server
resource.

Retry Timeout

Set the number of Seconds (60 - 300) or Minutes (1 - 5) to wait between LDAP server
access requests when attempting to join the remote LDAP server’s domain. The default
settings is one minute.

Redundancy

Define the Primary or Secondary LDAP agent configuration used to connect to the LDAP
server domain.

Domain Name

Enter the name of the domain (from 1 - 127 characters) to which the LDAP server
resource belongs.

See also other documents in the category Brocade Computer Accessories: