Motorola WiNG 5.7.1 System Reference Manual page 717

Do Not Verify Username: Only enabled when TLS is selected in Authentication Type. When selected, user name is not matched but the certificate expiry is checked.

Enable CRL Validation: Select this option to enable a Certificate Revocation List (CRL) check. Certificates can be checked and revoked for a number of reasons, including the failure or compromise of a device using a certificate, a compromise of a certificate key pair or errors within an issued certificate. This option is disabled by default.

7. If using LDAP as the default authentication source, select + Add Row to set LDAP Agent settings.

When a user's credentials are stored on an external LDAP server, the controller or service platform's local RADIUS server cannot successfully conduct PEAP-MSCHAPv2 authentication, since it is not aware of the user's credentials maintained on the external LDAP server resource. Therefore, up to two LDAP agents can be provided locally so remote LDAP authentication can be successfully accomplished on the remote LDAP resource using credentials maintained locally.

Username: Enter a 128 character maximum username for the LDAP server's domain administrator. This is the username defined on the LDAP server for RADIUS authentication requests.

Password: Enter and confirm the 32 character maximum password (for the username provided above). The successful verification of the password maintained on the controller or service platform enables PEAP-MSCHAPv2 authentication using the remote LDAP server resource.

Retry Timeout: Set the number of Seconds (60 - 300) or Minutes (1 - 5) to wait between LDAP server access requests when attempting to join the remote LDAP server's domain. The default setting is one minute.

Redundancy: Define the Primary or Secondary LDAP agent configuration used to connect to the LDAP server domain.

Domain Name: Enter the name of the domain (from 1 - 127 characters) to which the LDAP server resource belongs.

8. Set the following Session Resumption/Fast Reauthentication settings to define how server policy sessions are re-established once terminated and require cached data to resume:

Enable Session Resumption: Select the check box to control the volume and duration of cached data maintained by the server policy upon the termination of a server policy session. The availability and quick retrieval of the cached data speeds up session resumption. This setting is disabled by default.

Cached Entry Lifetime: Use the spinner control to set the lifetime (1 - 24 hours) cached data is maintained by the RADIUS server policy. The default setting is 1 hour.

Maximum Cache Entries: Use the spinner control to define the maximum number of entries maintained in cache for this RADIUS server policy. The default setting is 128 entries.

9. Select OK to save the settings to the server policy configuration. Select Reset to revert to the last saved configuration.

10. Select the Client tab and ensure the Activate RADIUS Server Policy button remains selected.

The access point uses a RADIUS client as a mechanism to communicate with a central server to authenticate users and authorize access.

The client and server share a secret (a password). That shared secret followed by the request authenticator is put through an MD5 hash to create a 16 octet value used with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the request authenticator. The