External LDAP Servers - D-Link NetDefend DFL-210 User Manual

Network security firewall ver 2.26.01
RADIUS with NetDefendOS

NetDefendOS acts as a RADIUS client, sending user credentials and connection parameter information as a RADIUS message to a nominated RADIUS server. The server processes the requests and sends back a RADIUS message to accept or deny them. One or more external servers can be defined in NetDefendOS.

RADIUS Security

To provide security, a common shared secret is configured on both the RADIUS client and the server. This secret enables encryption of the messages sent from the RADIUS client to the server and is commonly configured as a relatively long text string. The string can contain up to 100 characters and is case sensitive.

RADIUS uses PPP to transfer username/password requests between client and RADIUS server, as well as using PPP authentication schemes such as PAP and CHAP. RADIUS messages are sent as UDP messages via UDP port 1812.
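The shared secret described above is used in exactly two places by RFC 2865, and the following added example (not code from the manual or from NetDefendOS) shows both: hiding the User-Password attribute with MD5 keyed by the secret and the Request Authenticator, and authenticating the server's reply through the Response Authenticator, which a RADIUS client must verify before acting on an Access-Accept. The secret, password and authenticator values are constructed for illustration.

```python
import hashlib
import hmac

# Added example, not code from the manual or NetDefendOS: the two uses of the
# RADIUS shared secret defined in RFC 2865. Sample values are constructed.

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: XOR each 16-byte password block with MD5(secret || prev),
    where prev is the 16-byte Request Authenticator for the first block and
    the previous ciphertext block afterwards."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    # zero-pad to a multiple of 16; an empty password still yields one block
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = bytearray(), request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += block
        prev = block
    return bytes(hidden)

def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password, as performed by the server; strips zero padding."""
    clear, prev = bytearray(), request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return bytes(clear).rstrip(b"\x00")

def build_response(code: int, ident: int, attrs: bytes,
                   request_auth: bytes, secret: bytes) -> bytes:
    """Server side: a reply (code 2 = Access-Accept, 3 = Access-Reject) whose
    Response Authenticator is MD5(Code|ID|Length|RequestAuth|Attributes|Secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the Response Authenticator and compare in constant
    time; a reply that fails this check must not be acted on."""
    if len(packet) < 20 or int.from_bytes(packet[2:4], "big") != len(packet):
        return False
    expected = build_response(packet[0], packet[1], packet[20:],
                              request_auth, secret)[4:20]
    return hmac.compare_digest(expected, packet[4:20])
```

Because both constructions are plain MD5 over the secret rather than a modern authenticated cipher, the length and unpredictability of the configured secret string are the only thing protecting the password attribute and the accept/reject decision on the wire, which is why the manual recommends a relatively long string.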
8.2.4. External LDAP Servers

Lightweight Directory Access Protocol (LDAP) servers can also be used with NetDefendOS as an authentication source. This is implemented by the NetDefend Firewall acting as a client to one or more LDAP servers. Multiple servers can be configured to provide redundancy if any servers become unreachable.

Setting Up LDAP Authentication

There are two steps for setting up user authentication with LDAP servers:

1. Define one or more user authentication LDAP server objects in NetDefendOS.
2. Specify one or a list of these LDAP server objects in a user authentication rule.

One or more LDAP servers can be associated as a list within a user authentication rule. The ordering of the list determines the order in which server access is attempted. The first server in the list has the highest precedence and will be used first. If authentication fails or the server is unreachable then the second in the list is used and so on.

LDAP Issues

Unfortunately, setting up LDAP authentication may not be as simple as, for example, RADIUS setup. Careful consideration of the parameters used in defining the LDAP server to NetDefendOS is required. There are a number of issues that can cause problems:

- LDAP servers differ in their implementation. NetDefendOS provides a flexible way of configuring an LDAP server and some configuration options may have to be changed depending on the LDAP server software.
- Authentication of PPTP or L2TP clients may require some administrative changes to the LDAP server and this is discussed later.

Microsoft Active Directory as the LDAP Server

A Microsoft Active Directory can be configured in NetDefendOS as an LDAP server. There is one
320
Chapter 8. User Authentication