ADTRAN BlueSecure Controller Setup And Administration Manual page 113

Software release version: 6.5

on page 7-1 to configure a new RADIUS accounting server for selection in the drop-down
list. Alternatively, you can select the Create... option to open a window that enables you
to configure a new RADIUS accounting server. After you save the server information, you
are returned to the New LDAP/Active Directory server page where you can select the
RADIUS accounting server from the drop-down list.
Mapping LDAP/Active Directory attributes to roles

Define the rules to determine if the user is authenticated.
1. For each rule:
   a) Enter the appropriate LDAP attribute in the Attribute field.
   b) Select the appropriate logic operator (equal to, not equal to, starts with, ends with, contains, or [is a role]) from the Logic drop-down list.
   c) Enter the appropriate Value to check against the specified attribute.
   d) Select the role to assign to the user if the rule evaluates as true and the user is authenticated from the Role drop-down list.
      See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to define a new role available for selection in the drop-down list.
      Alternatively, you can select the Create New... option to open a window that enables you to define a new role. After you save the role information, you are returned to the New LDAP/Active Directory page where you can select the role from the drop-down list.
2. Optional. Use the commands included in the Row Management drop-down list to change the order of rules, add new blank rules, clear rule data, or delete a rule, etc. Remember, the BSC evaluates rules in the order in which they are listed here on the New LDAP/Active Directory server page.
3. Select the default user role from the Default role drop-down list. The selected default role is the role the BSC assigns the user if none of the rules is true.

Access Control Lists

Optional. Return the MAC and IP addresses stored on the LDAP/Active Directory server's access control lists for the user authenticated into this role.
To return a list of MAC addresses allowed for this user, enter the appropriate LDAP server attribute in the MAC ACL Attribute field. To allow this user to be authenticated from any MAC address, in the access control list on the RADIUS server, enter the string "exception" instead of a MAC address for this user.
The entered attribute must be complete with consideration given to case. Use commas as delimiters when entering multiple attributes. The format of the MAC address is 00:00:00:.
To return a list of IP addresses allowed for this user, enter the appropriate LDAP server attribute in the IP ACL Attribute field. To allow this user to be authenticated from any IP address, in the access control list on the RADIUS server, enter the string "exception" instead of an IP address for this user.

Post Login

Optional. Enter a Redirect URL Attribute to specify a URL to which a user is redirected. There are two other places in the UI in which redirection can be specified. The user is redirected to one of the following URLs (if specified) in the order of precedence listed:
1. The Redirect URL Attribute field on either the RADIUS page or the LDAP page accessed on the User Authentication tab. (See "RADIUS Authentication" on page 6-2 and "LDAP/Active Directory Authentication" on page 6-6.)
2. The URL Redirect field on the Edit Role page ("Defining a Role" on page 8-4).
3. The Default Redirect URL field on the General HTTP Settings page (see "HTTP Server Settings" on page 10-2).
Note: If the user is assigned a role on the Edit Role page with the Thank You HTML text specified, the browser displays the Thank You page and no redirection to a URL occurs.

BlueSecure™ Controller Setup and Administration Guide
LDAP/Active Directory Authentication
6-9
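
Because the BSC evaluates the role-mapping rules in listed order and falls back to the default role, a broad rule placed above a narrow one can keep the narrow rule from ever assigning its role. The Python model below is an added example, not ADTRAN code: it assumes case-sensitive comparison and any-value matching for multi-valued attributes, leaves out the [is a role] operator, and uses constructed attribute, group and role names.

```python
# Model of ordered, first-match role mapping (added example; not ADTRAN code).
# Assumptions: comparisons are case-sensitive, a rule matches if ANY value of a
# multi-valued attribute matches, and the "[is a role]" operator is not modelled.
OPS = {
    "equal to":     lambda v, x: v == x,
    "not equal to": lambda v, x: v != x,
    "starts with":  lambda v, x: v.startswith(x),
    "ends with":    lambda v, x: v.endswith(x),
    "contains":     lambda v, x: x in v,
}

def rule_matches(rule, entry):
    attr, op, value, _role = rule
    return any(OPS[op](v, value) for v in entry.get(attr, []))

def assign_role(rules, entry, default_role):
    """Return (role, index of the deciding rule or None) in listed order."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, entry):
            return rule[3], i
    return default_role, None  # no rule was true: the default role applies

def never_deciding_rules(rules, entries, default_role):
    """Indexes of rules that match a sample entry yet never decide a role."""
    matched, decided = set(), set()
    for entry in entries:
        matched.update(i for i, r in enumerate(rules) if rule_matches(r, entry))
        _, winner = assign_role(rules, entry, default_role)
        if winner is not None:
            decided.add(winner)
    return sorted(matched - decided)

# Constructed sample data: attribute names, DNs and role names are hypothetical.
RULES = [
    ("memberOf", "contains", "OU=Staff", "Staff"),
    ("memberOf", "equal to", "CN=NetAdmins,OU=Staff,DC=example,DC=com", "Admin"),
    ("department", "starts with", "Guest", "Guest"),
]
ENTRIES = {
    "alice": {"memberOf": ["CN=NetAdmins,OU=Staff,DC=example,DC=com"]},
    "bob":   {"memberOf": ["CN=Teachers,OU=Staff,DC=example,DC=com"]},
    "carol": {"department": ["Guest-Lecturers"]},
    "dave":  {"department": ["Facilities"]},
}

if __name__ == "__main__":
    for name, entry in ENTRIES.items():
        print(name, assign_role(RULES, entry, "Restricted"))
    print("never decide:", never_deciding_rules(RULES, ENTRIES.values(), "Restricted"))
```

With the rules in this order the "Admin" rule never decides a role; moving it above the broader "Staff" rule resolves that for the sample entries.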
