Authentication
What needs to be set in the /etc/ldap.conf
Follow the example below to set the necessary parameters correctly:
# The Windows 2003 server IP address
host 200.246.93.118
# The Distinguished name (In our active directory, the format was set
# to Cycladescorporation.local)
base dc=CycladesCorporation,dc=local
# Here you can insert any user you have created, or the administrator
# user.
binddn cn=Administrator,cn=Users,dc=Cyclades,dc=local
# Password for that user
bindpw test123
# PAM login attribute
pam_login_attribute sAMAccountName
# Update Active Directory password, by creating Unicode password and
# updating unicodePwd attribute.
pam_password ad
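The following audit script is an added example, not part of the original manual or of the ACS firmware. It parses a file in the format shown above and reports settings worth reviewing before deployment: a bind DN whose domain components differ from the search base, a bind as the Administrator account, a stored bindpw in a file readable by group or others, and no transport encryption. It assumes the standard pam_ldap keywords ssl and uri; whether the ACS build honours them is not stated on this page, and the finding names are made up for this example.

```python
import os
import stat

# Constructed sample that mirrors the values in the example file above.
SAMPLE = """\
host 200.246.93.118
base dc=CycladesCorporation,dc=local
binddn cn=Administrator,cn=Users,dc=Cyclades,dc=local
bindpw test123
pam_login_attribute sAMAccountName
pam_password ad
"""

def parse_ldap_conf(text):
    """Return {keyword: value}; keywords are case-insensitive, '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def domain_of(dn):
    """Return the dc= components of a DN, lower-cased, in order."""
    return [p.strip() for p in dn.lower().split(",") if p.strip().startswith("dc=")]

def audit(conf, mode):
    """Return a list of finding names (labels invented for this example)."""
    findings = []
    base, binddn = conf.get("base", ""), conf.get("binddn", "")
    if base and binddn and domain_of(base) != domain_of(binddn):
        findings.append("domain-mismatch")           # likely typo in base or binddn
    if binddn.lower().startswith("cn=administrator,"):
        findings.append("privileged-bind-account")   # prefer a read-only service account
    if "bindpw" in conf and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("bindpw-readable-by-non-owner")
    tls = conf.get("ssl", "off").lower() in ("on", "start_tls")
    if not tls and not conf.get("uri", "").lower().startswith("ldaps://"):
        findings.append("cleartext-ldap")            # bind password crosses the wire in clear
    return findings

def audit_file(path="/etc/ldap.conf"):
    """Audit a file on disk, using its real permission bits."""
    with open(path) as fh:
        return audit(parse_ldap_conf(fh.read()), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    print(audit(parse_ldap_conf(SAMPLE), 0o644))
```
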
Enabling TACACS+ Authorization for Serial Ports
Using an authorization method in addition to authentication provides an extra level of
system security. By enabling the raccess parameter, administrators require an additional
level of security checking. After each user is successfully authenticated through the
standard login procedure, the ACS uses TACACS+ to authorize whether or not each user
is allowed to access specific serial ports.
By default, the raccess parameter is not enabled, which gives all users full authorization.
When the raccess parameter is enabled, users are denied access unless they have the
proper authorization, which must be set on the TACACS+ server itself.
Configuring Authorization with a TACACS+ Server [CLI]
Step 1 - In CLI mode, enter the following string:
config > security > authentication > tacplusraccess yes
Step 2 - To save the configuration, enter the command:
File Description 3.4: /etc/ldap.conf