1. Manuals
  2. Brands
  3. Acuity Controls Manuals
  4. Controller
  5. nLight ECLYPSE
  6. User manual

Supported Radius Server Architectures; Overview; Authentication Fallback; Radius Server And Enabling Fips 140-2 Mode - Acuity Controls nLight ECLYPSE User Manual

Hide thumbs Also See for nLight ECLYPSE:
Table of Contents

Advertisement

Supported RADIUS Server Architectures

CHAPTER 7
Supported RADIUS Server Architectures
A RADIUS server is used to centralize user credentials (controller login username / password) across all devices. This
chapter describes the supported RADIUS server architectures and how to configure a RADIUS server in an ECLYPSE
controller.

Overview

When network connectivity allows, a user can connect directly to an ECLYPSE controller. No matter the connection
method, a user has to authenticate themselves with their user credential (controller login username / password combina-
tion).
When a user connects to an ECLYPSE controller, the ECLYPSE controller connects to the remote RADIUS server to au-
thenticate the user's credential. A RADIUS server uses a challenge/response mechanism to authenticate a user's login
credentials. An unrecognized username or a valid username with an invalid password receive an 'access denied' re-
sponse. A remote RADIUS server can be another ECLYPSE controller, or a Microsoft Windows Domain Active Directory
Server.

Authentication Fallback

Should the connection to the remote RADIUS server be temporarily lost, ECLYPSE controllers have a fall back authentica-
tion mode: users that have already authenticated themselves with the remote RADIUS server and then the connection to
the RADIUS server is lost, these users will still be able to log in to the controller as their successfully authenticated creden-
tials are locally cached.
The user profile cache is updated when the user authenticates themselves while there is a working RADIUS server connection. For this
reason, at a minimum, admin users should log in to each ECLYPSE controller at least once, so their login can be cached on that controller.
Otherwise, if there is a RADIUS server connectivity issue and a user who has never before connected to the ECLYPSE controller will be
locked out from the controller. It is particularly important for admin user credentials to be cached on each controller as an admin user can
change the controller's network connection parameters that may be at cause for the loss of connectivity to the RADIUS server.

RADIUS Server and Enabling FIPS 140-2 Mode

On a project where the controllers have FIPS 140-2 mode enabled, a third-party Radius server cannot be used. If the use
of a Radius based authentication is required, an ECLYPSE controller must act as the Radius server. In addition, third party
Radius clients will not be able to connect to the ECLYPSE Radius server. For more information, see
nLight ECLYPSE
FIPS 140-2
Mode.
38
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the nLight ECLYPSE and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Acuity Controls nLight ECLYPSE

Related Products for Acuity Controls nLight ECLYPSE

Table of Contents

Save PDF