Chapter 6. Menu Options
on the ASMI module before this user can log in via LDAP. Also, all privilege configurations have to be
done within the ASMI user management (see the Section called User Management).
In order to configure the LDAP access, you can set the following options:
• User LDAP Server: Here you should enter the name or IP address of the LDAP server containing the
user entries. If you choose a name instead of an IP address, you need to configure a DNS server in the
network settings. E.g.: 192.168.1.250
• Base DN of User LDAP Server: Here you specify the distinguished name (DN) where the directory
tree starts in the user LDAP server. E.g.: dc=test,dc=domain,dc=com
• Type of external LDAP Server: With this option you set the type of the external LDAP server. This is
necessary since some server types require special handling. Additionally, the default values for the
LDAP scheme are set appropriately. You can choose between a Generic LDAP Server, a Novell
Directory Service and a Microsoft Active Directory. If you have neither a Novell Directory Service nor
a Microsoft Active Directory, then choose the Generic LDAP Server and edit the LDAP scheme used
(see below).
• Name of login-name attribute: This is the name of the attribute containing the unique login name of a
user. To use the default, leave this field empty. The default depends on the selected LDAP server type.
• Name of user-entry object class: This is the object class that identifies a user in the LDAP directory.
To use the default, leave this field empty. The default depends on the selected LDAP server type.
• Here you can refine the search for users that should be known to the ASMI module.
• Active Directory Domain: This option represents the Active Directory domain that is configured in the
Microsoft Active Directory server. This option is only valid if you have chosen a Microsoft Active
Directory as the LDAP server type. E.g.: test.domain.com
Using the RADIUS Server
RADIUS (Remote Authentication Dial In User Service) is a protocol specified by the Internet
Engineering Task Force (IETF) working group. There are two specifications that make up the RADIUS
protocol suite: Authentication and Accounting. These specifications aim to centralize authentication,
configuration and accounting for dial-in services to an independent server. The RADIUS protocol exists
in several implementations such as freeRADIUS, openRADIUS or RADIUS on UNIX systems. The
RADIUS protocol itself is well specified and tested. We can give a recommendation for all products
listed above, especially for the freeRADIUS implementation.
For detailed information on how to set up the RADIUS server, please refer to Appendix C.
Note: Currently, we do not support challenge/response. An Access Challenge response is seen and
evaluated as an Access Reject.
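The fail-closed handling described in the note, as an added example (not code from the ASMI module): a client-side check that grants access only on an authentic Access-Accept and treats Access-Challenge the same as Access-Reject. The packet layout, codes and Response Authenticator follow RFC 2865; the function names, shared secret, identifier and sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Packet codes defined in RFC 2865
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def evaluate_reply(packet, request_id, request_auth, secret):
    """Return True only for a well-formed, authentic Access-Accept."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or ident != request_id:
        return False
    attrs = packet[20:length]
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return False  # forged reply or mismatched shared secret
    # Access-Challenge is unsupported: like any non-Accept code, it is a reject.
    return code == ACCESS_ACCEPT


def build_reply(code, ident, attrs, request_auth, secret):
    """Build a sample server reply (test helper, constructed data only)."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
REQ_ID, REQ_AUTH = 7, bytes(range(16))
OTP_PROMPT = bytes([18, 11]) + b"Enter OTP"  # Reply-Message: type, length, value

if __name__ == "__main__":
    samples = [("Access-Accept", ACCESS_ACCEPT, b""),
               ("Access-Reject", ACCESS_REJECT, b""),
               ("Access-Challenge", ACCESS_CHALLENGE, OTP_PROMPT)]
    for name, code, attrs in samples:
        reply = build_reply(code, REQ_ID, attrs, REQ_AUTH, SECRET)
        print(name, "->", evaluate_reply(reply, REQ_ID, REQ_AUTH, SECRET))
```

A RADIUS server configured for token or OTP prompts answers with Access-Challenge, so against a client with this behaviour those accounts are refused rather than prompted.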
In order to access a remote device using the RADIUS protocol you have to log in first. You are then asked
to specify your user name and password. The RADIUS server reads your input data (Authentication) and
the ASMI module looks for your profile (Authorization). The profile defines (or limits) your actions and
may differ depending on your specific situation. If there is no such profile, your access via RADIUS will
be refused. In terms of the remote activity mechanism the login via RADIUS works similarly to the