24.1 Overview
You can use a AAA (Authentication, Authorization, Accounting) server to provide access control to
your network. The AAA server can be a Active Directory, LDAP, or RADIUS server. Use the AAA
Server screens to create and manage objects that contain settings for using AAA servers. You use
AAA server objects in configuring ext-group-user user objects and authentication method objects.
24.1.1 What You Can Do in this Chapter
• The Active Directory / LDAP screens
LDAP server objects.
• The RADIUS screen
to use for user authentication.
24.1.2 What You Need To Know
The following terms and concepts may help as you read this chapter.
Directory Service (AD/LDAP)
LDAP/AD allows a client (the NXC) to connect to a server to retrieve information from a directory. A
network example is shown next.
Figure 147 Example: Directory Service Client and Server
The following describes the user authentication procedure via an LDAP/AD server.
A user logs in with a user name and password pair.
1
The NXC tries to bind (or log in) to the LDAP/AD server.
2
When the binding process is successful, the NXC checks the user information in the directory
3
against the user name and password pair.
C
(Section 24.2 on page
(Section 24.3 on page
262) configures the default external RADIUS server
NXC Series User's Guide
254
HAPTER
AAA Server
257) configure Active Directory or
2 4