beautypg.com

Amer Networks E5Web GUI User Manual

Page 532

background image

contains the user password in plain text. The LDAP server administrator must make sure that
this field actually does contain the password. This is explained in greater detail later.

When LDAP is used with SSL VPN, the Password Attribute must be specified as userPassword or
Description based on the setting for the Agent option in the user authentication rule object.

Bind Request Authentication

LDAP server authentication is automatically configured to work using LDAP Bind Request
Authentication. This means that authentication succeeds if successful connection is made to the
LDAP server. Individual clients are not distinguished from one another.

LDAP server referrals should not occur with bind request authentication but if they do, the server
sending the referral will be regarded as not having responded.

LDAP Server Responses

When an LDAP server is queried by cOS Core with a user authentication request, the following
are the possible outcomes:

The server replies with a positive response and the user is authenticated.

Clients using PPP with CHAP, MS-CHAPv1 or MS-CHAPv2 is a special case and authentication
is actually done by cOS Core, as discussed later.

The server replies with a negative response and the user is not authenticated.

The server does not respond within the Timeout period specified for the server. If only one
server is specified then authentication will be considered to have failed. If there are alternate
servers defined for the user authentication rule then these are queried next.

Usernames may need the Domain

With certain LDAP servers, the domain name may need to be combined with the username when
the user is prompted for a username/password combination.

If the domain is mydomain.com then the username for myuser might need to be specified as
[email protected]. With some LDAP servers this might be myuser@domain
mydomain.com\myuser or even mydomain\myuser. The format depends entirely on the LDAP
server and what it expects.

Real-time Monitoring Statistics

The following statistics are available for real-time monitoring of LDAP server access for user
authentication:

Number of authentications per second.

Total number of authentication requests.

Total number of successful authentication requests.

Total number of failed authentication requests.

Chapter 8: User Authentication

532

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: