Authentication Rules; Ldap For Ppp With Chap, Ms-Chapv1 Or Ms-Chapv2 - D-Link NetDefend DFL-210 User Manual
Network security firewall
Hide thumbs
Also See for NetDefend DFL-210:
- User manual (495 pages) ,
- Log reference manual (476 pages) ,
- Cli reference manual (213 pages)
Table of Contents
Advertisement
8.2.5. Authentication Rules
Figure 8.2. LDAP for PPP with CHAP, MS-CHAPv1 or MS-CHAPv2
When setting up this scenario, the administrator needs to take note of the following issues:
1.
User passwords will be stored in two places so changing one means a separate change to the
other.
2.
Users will not be able to change their passwords unless both passwords can somehow be
changed together, perhaps by using scripting.
3.
Anyone with administrator access to the LDAP database will be able to see the password.
4.
Updating the LDAP database schema is often an irreversible operation.
8.2.5. Authentication Rules
An Authentication Rule should be defined when the user establishing a connection through the
D-Link Firewall is to be prompted for a username/password login sequence.
Authentication Rules are set up in a way that is similar to other NetDefendOS security policies, by
specifying which traffic is to be subject to the rule. They differ from other policies in that the
destination network/interface is not of interest but only the source network/interface. An
Authentication Rule has the following parameters:
•
Interface
The source interface on which the connections to be authenticated will arrive.
•
Source IP
The source network from which new connections will arrive.
•
Authentication Source
- This specifies that authentication is to be done against one of the following:
•
The Local database defined within NetDefendOS.
•
A RADIUS server (discussed below).
•
An external LDAP server database (discussed below).
309
Chapter 8. User Authentication
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
