Nortel 3050 Command Reference Manual page 225

/cfg/vpn <id> /aaa/auth <id> /adv Advanced Settings Configuration 225
Table 76
GroupOIDS Menu Options (/cfg/vpn/aaa/auth/cert/groupoids) (cont'd.)
Command Syntax and Usage
add <numeric OID, e.g. 2.5.4.7>
/cfg/vpn <id> /aaa/auth <id> /adv Advanced Settings
Configuration
[Advanced Menu]
group auth
second auth
validate dn
revcert dn
The Advanced Settings menu includes commands for configuring the
current authentication method to retrieve user group information from other
authentication schemes besides the current one and for configuring a
second authentication server.
Copyright © 2007 Nortel Networks
.
Lets you add an OID (object identifier) from the subject part of the client
certificate. The value that corresponds to this OID will be extracted from
the certificate and used as group name when the remote user connects
to the Portal.
One or several OIDs in the client certificate can be specified as
groupoid. The group name specified as the value in the client
certificate must correspond to an existing group name configured on
the VPN Gateway.
Enter the appropriate numeric OID when prompted:
Example: Enter group OID within 'subject': 2.5.4.7
To view available OIDs and values for an existing certificate, use the
/cfg/cert #/subject command.
Example from the output: L/localityName (2.5.4.7) =
groupname where localityName is the symbolic name, 2.5.4.7 is the
OID and groupname is the value.
For information about how to generate a new client certificate and
export it to a file, see the "Certificates and Client Authentication"
chapter in the User's Guide.
- Set Authentication server list for group information
- Set Secondary authentication server
- Set Validate Cert-DNby Clear trust server
- Reverse Cert-DN before Cleartrust validation
Nortel VPN Gateway
Command Reference
NN46120-103 01.01 Standard
10 September 2007