Configure Tab
NXA-WAPZD1000 ZoneDirector Smart WLAN Controller
Multi-Domain Active Directory Authentication
For multi-domain AD authentication, an Admin account name and password must be entered so that the
NXA-WAPZD1000 can query the Global Catalog.
To enable Active Directory authentication for multiple domains:
1. Go to Configure > AAA Servers.
2. In the Editing (Active Directory) form, select the Global Catalog check box next to Enable Global
   Catalog support.
3. The default port changes to 3268, and the fields for Admin DN and password appear. The default port
   number (3268) should not be changed unless you have configured your AD server to use a different port.
   Global Catalog queries are directed to port 3268, while ordinary searches are received through port
   389. If the bind is to port 389, even on a Global Catalog server, the search includes only a single
   domain directory partition. If the bind is to port 3268, the search includes all directory partitions
   in the forest. If the server receiving a bind attempt over port 3268 is not a Global Catalog server,
   it refuses the bind.
4. Enter an Admin DN (distinguished name) in Active Directory format ([email protected]).
5. Enter the Admin Password, and re-enter the same password for confirmation.
6. Click OK to save changes.
LDAP
The NXA-WAPZD1000 supports several of the most commonly used LDAP servers, including:
OpenLDAP
Apple Open Directory
Novell eDirectory
Sun JES (limited support)
To enable LDAP user authentication for all users:
1. Go to Configure > AAA Servers.
2. Click the Edit link next to LDAP. The Editing LDAP form appears.
3. Enter the IP address and Port of your LDAP server. The default port (389) should not be changed unless
   you have configured your LDAP server to use a different port.
4. Enter a Base DN in LDAP format for all user accounts.
   Format: cn=Users;dc=<Your Domain>,dc=com
5. Enter an Admin DN in LDAP format.
   Format: cn=Admin;dc=<Your Domain>,dc=com
6. Enter the Admin Password, and re-enter to confirm.
7. Enter a Key Attribute to denote users (default: uid).
8. Click OK to save your changes.
Advanced LDAP Filtering
A search string in LDAP format conforming to RFC 4515 can be used to limit search results. For example,
objectClass=Person limits the search to entries whose “objectClass” attribute is equal to “Person”. More
complicated examples are shown when you mouse over the “show more” section next to the Search Filter field
in the Editing (LDAP) section.
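The following is an added example, not part of this manual or the vendor's software: a small Python checker for whether a search filter is well-formed under the RFC 4515 string grammar before it is entered in the Search Filter field. The names parse_filter and FilterError are hypothetical; accepting a bare item without parentheses follows this page's objectClass=Person example and is an assumption about what the field accepts, and extensible-match filters are not covered.

```python
import re

# Attribute description (name or numeric OID, optional ;options), then a match operator.
_ITEM = re.compile(r'([A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)((?:;[A-Za-z0-9-]+)*)(~=|>=|<=|=)')
# Assertion value: any character except ( ) \ NUL, or a backslash followed by two hex digits.
_VALUE = re.compile(r'(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*')

class FilterError(ValueError):
    """Raised when a string is not a well-formed search filter."""

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return (tree, next_index)."""
    if i >= len(s) or s[i] != '(':
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in '&|':            # AND / OR over one or more sub-filters
        op, kids, i = s[i], [], i + 1
        while i < len(s) and s[i] == '(':
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids:
            raise FilterError(f"'{op}' needs at least one sub-filter")
        node = (op, kids)
    elif i < len(s) and s[i] == '!':           # NOT takes exactly one sub-filter
        kid, i = _parse(s, i + 1)
        node = ('!', [kid])
    else:                                      # simple, presence or substring item
        m = _ITEM.match(s, i)
        if not m:
            raise FilterError(f"bad attribute or operator at offset {i}")
        v = _VALUE.match(s, m.end())
        node = (m.group(1) + m.group(2), m.group(3), v.group(0))
        i = v.end()
    if i >= len(s) or s[i] != ')':
        raise FilterError(f"expected ')' at offset {i}")
    return node, i + 1

def parse_filter(text):
    """Return the parse tree of a search filter, or raise FilterError."""
    s = text.strip()
    if not s.startswith('('):                  # bare item such as objectClass=Person
        s = f'({s})'
    tree, end = _parse(s, 0)
    if end != len(s):
        raise FilterError(f"trailing text at offset {end}")
    return tree
```

A literal parenthesis, backslash or NUL inside a value must be written as a backslash escape (\28, \29, \5c, \00); the checker rejects the unescaped forms, which is the most common reason a hand-written filter fails.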
The Admin account need not have write privileges, but must be able to read and search
all users in the database.