RADIUS with NetDefendOS
NetDefendOS acts as a RADIUS client, sending user credentials and connection parameter
information as a RADIUS message to a nominated RADIUS server. The server processes the
requests and sends back a RADIUS message to accept or deny them. One or more external servers
can be defined in NetDefendOS.
RADIUS Security
To provide security, a common shared secret is configured on both the RADIUS client and the
server. This secret enables encryption of the messages sent from the RADIUS client to the server
and is commonly configured as a relatively long text string. The string can contain up to 100
characters and is case sensitive.
RADIUS uses PPP to transfer username/password requests between client and RADIUS server, as
well as using PPP authentication schemes such as PAP and CHAP. RADIUS messages are sent as
UDP messages via UDP port 1812.
8.2.4. External LDAP Servers
Lightweight Directory Access Protocol (LDAP) servers can also be used with NetDefendOS as an
authentication source. This is implemented by the D-Link Firewall acting as a client to one or more
LDAP servers. Multiple servers can be configured to provide redundancy if any servers become
unreachable.
Setting Up LDAP Authentication
There are two steps to setting up user authentication with LDAP servers:
A. Define one or more user authentication LDAP server objects in NetDefendOS.
B. Specify a list of these LDAP server objects in a user authentication rule.
These two steps are described below.
A. Defining User Authentication LDAP Servers
One or more named LDAP server objects can be defined in NetDefendOS. These objects tell
NetDefendOS which LDAP servers are available and how to access them.
The following general parameters are used for configuration of each server:
• Name
The name given to the server object for display purposes in NetDefendOS.
• IP Address
The IP address of the LDAP server.
• Port
The port number on the LDAP server that receives the client request, which is sent using
TCP/IP. The default port is 389.
• Timeout
The timeout, in seconds, for user authentication attempts. If no response to a
request is received from the server after this time then the server will be considered to be
Chapter 8. User Authentication