Digi IX10 User Manual page 401

User authentication
5. (Optional) Configure the type of service. This is the value of the service attribute in the the
TACACS+ server's configuration. For example, in
service attribute in the sample tac_plus.conf file is system, which is also the default setting in
the IX10 configuration.
(config)> auth tacacs+ service service-name
(config)>
6. Set the type of TLS connection used by the LDAP server:
(config)> auth ldap tls value
(config)>
where value is one of:
off: Uses a non-secure TCP connection on the LDAP standard port, 389.
n
on: Uses an SSL/TLS encrypted connection on port 636.
n
start_tls: Makes a non-secure TCP connection to the LDAP server on port 389, then
n
sends a request to upgrade the connection to a secure TLS connection. This is the
preferred method for LDAP.
The default is off.
7. If tls is set to on or start_tls, configure whether to verify the server certificate:
(config)> auth ldap verify_server_cert value
(config)>
where value is either:
true: Verifies the server certificate with a known Certificate Authority.
n
false: Does not verify the certificate. Use this option if the server is using a self-signed
n
certificate.
The default is true.
8. Set the distinguished name (DN) that is used to bind to the LDAP server and search for users.
Leave this option unset if the server allows anonymous connections.
(config)> auth ldap bind_dn dn_value
(config)>
For example:
(config)> auth ldap bind_dn cn=user,dc=example,dc=com
(config)>
9. Set the password used to log into the LDAP server. Leave this option unset if the server allows
anonymous connections.
(config)> auth ldap bind_password password
(config)>
10. Set the distinguished name (DN) on the server to search for users. This can be the root of the
directory tree (for example, dc=example,dc=com) or a sub-tree (for example.
ou=People,dc=example,dc=com).
IX10 User Guide
Terminal Access Controller Access-Control System Plus (TACACS+)
TACACS+ user configuration, the value of the
401