Configuring ldap authentication – H3C Technologies H3C SecPath F1000-E User Manual
NOTE:
• To enable RADIUS authentication in the SSL VPN system, navigate to the User > RADIUS page and configure a RADIUS scheme named system. If the RADIUS server is a CAMS/IMC server, you must specify the service type as Extended in the RADIUS scheme. For more configuration information, see Access Control Configuration Guide.
• For successful RADIUS authentication of a user, you must also configure the account information and the user group attribute information for the user on the RADIUS authentication server, and make sure that the user groups configured on the RADIUS authentication server exist on the SSL VPN gateway. Otherwise, the user cannot log in. The gateway supports up to 16 user groups for a user. Make sure that the number of user groups specified for a user on the authentication server is equal to or less than the limit.
Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree. Click the RADIUS Authentication tab to enter the RADIUS authentication configuration page, as shown in Figure 252.
Figure 252 RADIUS authentication
Table 52 Configuration items

| Item | Description |
| --- | --- |
| Enable RADIUS authentication | Select this item to enable RADIUS authentication. |
| Authentication policy | Select an authentication policy for RADIUS authentication. Options include Password and Password+Certificate. |
| Enable RADIUS accounting | Select this item to enable RADIUS accounting. |
| Upload virtual address | With this item selected, the system uploads the IP address of the client’s virtual network adapter to the RADIUS server after RADIUS accounting succeeds. |

Configuring LDAP authentication
The Lightweight Directory Access Protocol (LDAP) is a cross-platform, standard directory service system that is based on TCP/IP. It was developed on the basis of the X.500 protocol but is better than X.500 in data reading, browsing, and search.
LDAP is suitable for storing data that does not change frequently. A typical application of LDAP is to store the user information of a system. For example, Microsoft Windows operating systems use an Active Directory server to store user information and user group information, providing LDAP-based authentication and authorization for Windows users. The SSL VPN system can cooperate with an LDAP server to provide LDAP authentication and obtain resource access rights for users.