Nt And Radius Domain Servers For Group Policies And Bookmarks - NETGEAR ProSafe SSL312 Reference Manual

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Where:
• 10.0.0.5 is the IP address of the LDAP or Active Directory server
• "cn=demo,cn=users,dc=netgearnetworks,dc=net" is the distinguished
name of an LDAP user
• demo123 is the password for the user demo
• "dc=netgearworks,dc=net" is the base domain that you are querying
• > /tmp/file is optional and defines the file where the LDAP query results will be
saved.
For further information on querying an LDAP server from a Window server, please see:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8196d68e-
776a-4bbc-99a6-d8c19f36ded4.mspx
NT and RADIUS Domain Servers for Group Policies and
Bookmarks
For authentication to RADIUS or Microsoft NT domains (using Kerberos), you can individually
define AAA users and groups. This is not required, but it allows you to create separate policies or
bookmarks for individual AAA users.
When a user logs in, the SSL VPN Concentrator will validate with the appropriate RADIUS or NT
server that the user is authorized to log in. If the user is authorized, the SSL VPN Concentrator will
check to see if a user exists in the SSL VPN Concentrator Users and Groups database. If the user
is defined, then the policies and bookmarks defined for the user will apply.
For example, if you create a RADIUS domain in the SSL VPN Concentrator called "Miami
RADIUS server", you can add users to groups that are members of the "Miami RADIUS server"
domain. These user names must match the names configured in the RADIUS server. Then, when
users log in to the portal, policies, bookmarks and other user settings will apply to the users. If the
AAA user does not exist in the SSL VPN Concentrator, then only the global settings, policies and
bookmarks will apply to the user.
For adding new RADIUS or Microsoft NT domain servers, see
Chapter 7.
6-22
v1.0, August 2006
"Authentication Domains" in
Group and User Access Policies