Motorola WiNG 5.7.1 System Reference Manual page 716

9 - 48 WiNG 5.7.1 Access Point System Reference Guide
LDAP Groups
LDAP Group Verification
LDAP Chase Referral
Local Realm
6. Set the following
Default Source
Default FallBack
Authentication Type
Use the drop-down menu to select LDAP groups to apply the server policy
configuration. Select the Create or Edit icons as needed to either create a new group
or modify an existing group. Use the arrow icons to add and remove groups as required.
Select the check box to set the LDAP group search configuration. This setting is
enabled by default.
Select the check box to set the LDAP referral chase feature. This settings is enabled
by default. When enabled, if the LDAP server does not contain the requested
information, it indicates to the LDAP client that it does not have the requested
information and provides the client with another LDAP server that could have the
requested information. It is up to the client to contact the other LDAP server for its
information.
Define the LDAP Realm performing authentication using information from an LDAP
server. User information includes user name, password, and the groups to which the
user belongs.
Authentication parameters to define server policy authorization settings.
Select the RADIUS resource for user authentication with this server policy. Options
include Local for the local user database or LDAP for a remote LDAP resource. The
default setting is Local
Select this option to indicate that fall back from RADIUS to local is enabled incase
RADIUS authentication is not available for any reason. This option is only enabled
when LDAP is selected as the Default Source.
Use the Add Row button to add fallback sources into the Sources table. Provide the
following information:
• Source – Select the type of fallback. Select from LDAP or Local
• Fallback – Select to enable fallback on this record.
• SSID – Enter the SSID to fall back on.
• Precedence – Use the spinner to select the precedence for selection of fallback.
Use the drop-down menu to select the EAP authentication scheme for local and LDAP
authentication. The following EAP authentication types are supported:
• All – Enables all authentication schemes.
• TLS - Uses TLS as the EAP type
• TTLS and MD5 - The EAP type is TTLS, with default authentication using MD5.
• TTLS and PAP - The EAP type is TTLS, with default authentication using PAP.
• TTLS and MSCHAPv2 - The EAP type is TTLS, with default authentication using
MSCHAPv2.
• PEAP and GTC - The EAP type is PEAP, with default authentication using GTC.
• PEAP and MSCHAPv2 - The EAP type is PEAP with default authentication using
MSCHAPv2. However, when user credentials are stored on an LDAP server, the
RADIUS server cannot conduct PEAP-MSCHAPv2 authentication on its own, as it is
not aware of the password. Use LDAP agent settings to locally authenticate the
user. Additionally, an authentication utility (such as Samba) must be used to
authenticate the user. Samba is an open source software used to share services
between Windows and Linux machine.