Accepting Changes; Testing The Connection To The Ldap Server; Wired 802.1X Support - AMX NX-1200 Webconsole And Programming Manual

If an administrator password change is desired, LDAP must be disabled, the password changed and saved and then LDAP re-

enabled.
Users may not be added or deleted via the web pages when LDAP is enabled.

User access privileges cannot be changed via the web pages.

As users log onto a NetLinx Master, their user name and access privileges are displayed on the User Security Details page

(see Security - Users section on page 51). This information is stored in the master's RAM but is not written to non-
volatile memory, and is lost after rebooting the Master.
If a user is removed from the LDAP directory tree, access is denied, and if that user name is on the master's User Security

Details web page it is removed.

Accepting Changes

Click the Accept/Test button to save changes on this page. Accepting changes is instantaneous and does not require rebooting the
Master.

Testing the Connection to the LDAP Server

After entering and accepting the parameters, the Accept/Test button can be used to test the connection to the LDAP server. This
test does a bind to the BIND DN using the Search Password entered.
If the bind is successful, the message Connection successful is displayed.

If the server could not be reached or the bind is unsuccessful, the message Could not connect to server -- Please check

LDAP URI, BIND DN and Search Password settings is displayed.
Refer to Appendix A: LDAP Implementation Details on page 127 for additional information.
IMPORTANT: For the NX-series Masters to work with LDAP over SSL (LDAPS), you must upload a CA server certif icate in .pem format
to the Master's FTP server. The certif icate's f ile name must be "ldap_ad.pem" and the f ile must be saved in a folder named "certs".
Once the f ile is uploaded, you must reboot the Master for the certif icate f ile to be read and employed by the system. LDAPS requires
Master Firmware version 1.3.78 or greater.

Wired 802.1X support

IEEE 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). PNAC provides the ability to grant or deny
network access to devices wishing to attach to a LAN based on credentials tied to the device rather than to a user. Until the device
has been verified and permitted access, no network traffic is passed through the connected port, effectively keeping the device
disconnected from the network.
The NX-Series controller acts as a supplicant (client device) to a wired 802.1X enabled network and presents customer-provided
X.509 certificates to be allowed access to protected networks. The following EAP Encryption Methods are supported.
PEAPv0/MSCHAPv2

TTLS/MSCHAPv2

TTLS/PAP

MD5

Customer provided X.509 certificates are uploaded to the NX-Series controller using NetLinx Studio, and 802.1x is configured via
the Command Line Interface and the syntax:
DOT1X[status|enable|disable]
Once you add the certificate file to your workspace, NetLinx Studio transfers the file to the appropriate directory on the controller.
1. Click to select (highlight) a System (in the Workspace tab of the Workspace Bar).
2. Right-click on the Other folder to access the Other File Folder context menu, and select Add Existing Other File.
3. In the Add Existing Other File dialog, locate and select the certificate file (.crt) that you want to add to the selected System.
Change the Files of Type option to All Files (*.*) to look for other file types, if necessary.
4. Click Open to access the File Properties dialog, where you can view/edit general file information for the selected file.
5. Click OK to add the file to the selected System. The file should now appear in the Other folder under the selected System.
NX-Series Controllers - WebConsole & Programming Guide
WebConsole - Security Options
55