External LDAP Servers (Section 8.2.4) – Amer Networks E5Web GUI User Manual
Page 527

for security.
A retry timeout value of 2 means that cOS Core will resend the authentication request to the
server if there is no response after 2 seconds. There will be a maximum of 3 retries.
Command-Line Interface
Device:/> add RadiusServer rs_users
          IPAddress=radius_ip
          SharedSecret=mysecretcode
          Port=1812
          RetryTimeout=2
InControl
Follow the same steps used for the Web Interface below.
Web Interface
1. Go to: Policies > User Authentication > RADIUS > Add > RADIUS Server
2. Now enter:
   • Name: rs_users
   • IP Address: radius_ip
   • Port: 1812
   • Retry Timeout: 2
   • Shared Secret: mysecretcode
   • Confirm Secret: mysecretcode
3. Click OK
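
Added example (not from the manual and not cOS Core code): a minimal RFC 2865 client in Python showing what the SharedSecret, Port and RetryTimeout settings above govern on the wire. The shared secret hides the User-Password and authenticates the server's reply, and an unanswered request is resent after each timeout. It assumes that a "retry" is a resend after the initial request and that the server is given as an (IP, port) tuple; all function names are illustrative.

```python
# Added example (not cOS Core code): minimal RFC 2865 RADIUS client.
import hashlib, hmac, os, socket, struct

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Server side: same keystream, so it only works with the same secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(user, password, secret, ident=1, authenticator=b""):
    """Code 1 (Access-Request) carrying User-Name (1) and User-Password (2)."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def reply_is_authentic(reply, request_authenticator, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    body = reply[:4] + request_authenticator + reply[20:] + secret
    return len(reply) >= 20 and hmac.compare_digest(reply[4:20], hashlib.md5(body).digest())

def send_with_retry(packet, server, secret, retry_timeout=2.0, max_retries=3):
    """Send, then resend after each silent retry_timeout, at most max_retries times.
    Returns (authentic reply or None, datagrams sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(retry_timeout)
        for sent in range(1, max_retries + 2):
            sock.sendto(packet, server)
            try:
                reply, peer = sock.recvfrom(4096)
            except socket.timeout:
                continue
            if peer == server and reply[1:2] == packet[1:2] \
                    and reply_is_authentic(reply, packet[4:20], secret):
                return reply, sent
    return None, max_retries + 1
```

Because the password hiding and the reply check both depend only on MD5 keyed with the shared secret, a short or guessable secret weakens both.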
8.2.4. External LDAP Servers
Lightweight Directory Access Protocol (LDAP) servers can also be used with cOS Core as an
authentication source. This is implemented by the Clavister Security Gateway acting as a client to
one or more LDAP servers. Multiple servers can be configured to provide redundancy if any
servers become unreachable.
Setting Up LDAP Authentication
There are two steps for setting up user authentication with LDAP servers:
• Define one or more user authentication LDAP server objects in cOS Core.
• Specify one or a list of these LDAP server objects in a user authentication rule.
One or more LDAP servers can be associated as a list within a user authentication rule. The
ordering of the list determines the order in which server access is attempted.
The first server in the list has the highest precedence and will be used first. If authentication
fails or the server is unreachable then the second in the list is used and so on.
Chapter 8: User Authentication