Anms - Tripp Lite B020-U08-19-IP Owner's Manual

7. Administration

7.3.4 ANMS

The Advanced Network Management Settings (ANMS) page allows you
to set up login authorization management from an external source. From
this screen, administrators can set up remote management via RADIUS
and/or LDAP/S, and set up the access port and MAC address for the
Windows-based log server.
RADIUS Settings
To allow authorization for a RADIUS server, do the following:
1. Check the Enable checkbox.
2. Fill in the Primary RADIUS Server IP and access Port, and the
Alternate RADIUS Server IP and access Port.
3. In the Timeout (seconds) field, set the time in seconds that the KVM
waits for a reply from the RADIUS server before it times out.
4. In the Retries field, enter the number of times you want the KVM to
try and reconnect with the RADIUS server before it gives up.
5. In the Shared Secret field, key in the character string that you want to
use for authentication between the KVM and the RADIUS Server.
6. On the RADIUS server, set the access rights for each user according
to the information in the table:
Character Description
C Gives the corresponding account administrator privileges.
W Gives the corresponding account access to the KVM
switch via the Windows browser and non-browser
applications.
J Gives the corresponding account access to the KVM
switch via the Java browser and non-browser applications.
L Gives the corresponding account access to the log server
on the Web Management Interface.
V Gives the corresponding account view-only access to all
ports on the KVM switch.
RADIUS Server access rights examples are given in the following table:
RADIUS Access Description
Rights
C The corresponding account has administrator
access to the KVM.
W, J, L User can access the system via the Windows and
Java browser and non-browser applications, and
can access the log server on the Web Management
Interface.
Note: Characters are not case sensitive. Characters are comma delimited.
201009236 93-2985.indd 45
( continued )
LDAP Authentication Settings
To allow authentication and authorization via LDAP/S, do the following:
1. Check the Enable checkbox.
2. Select LDAP or LDAPS.
3. Check the Enable Authorization checkbox.
4. Enter the appropriate IP address and access port for the LDAP or
LDAPS server in the LDAP Server IP and Port fields. The default port
number for LDAP is 389, and is 636 for LDAPS.
5. In the Timeout (seconds) field, set the time in seconds that the KVM
waits for an LDAP or LDAPS server reply before it times out.
6. In the LDAP Admin DN field, set the 'root' point for the LDAP
manager to bind to the server.
7. In the LDAP Admin Password field, key in the LDAP manager's
password. (This field is optional.)
8. In the Search DN field, set the distinguished name of the search base
(i.e. the domain name where the search starts for the user name).
9. In the Admin Group field, key in the name of the LDAP manager.
(This field is optional.)
10. On the LDAP server, set the access rights for each user. (The
following sections describe how to configure LDAP for use with the
KVM switch.)
LDAP/S Server Configuration
To allow authentication and authorization via LDAP or LDAPS, the active
directory's LDAP Schema must be extended so that an extended attribute
name for the KVM – permission – is added as an optional attribute to the
person class.
Note: Authentication refers to the identity verification of the person
logging into the KVM switch, whereas Authorization refers to the
assigning of device permissions.
In order to configure the LDAP server, you will have to complete the
following procedures:
• Install the Windows 2003 Support Tools
• Install the Active Directory Schema Snap-In
• Extend and Update the Active Directory Schema
Each of these procedures is described in the following sections:
Install the Windows 2003 Support Tools
1. On your Windows server CD, open the Support
2. In the right panel of the dialog box that comes up, double click
SupTools.msi.
3. Follow along with the Installation Wizard to complete the procedure.
Install the Active Directory Schema Snap-In
1. Open a Command prompt.
2. Key in regsvr32 schmmgmt.dll to register schmmgmt.dll on your
computer.
3. Open the Start menu. Click Run and key in mmc /a. Click OK.
4. In the File menu of the screen that appears, click Add/Remove Snap-
in, and then click Add.
5. Under Available Standalone Snap-ins, double click Active Directory
Schema, click Close and then click OK.
6. On the screen you are in, open the File menu and click Save.
7. When prompted where to save, specify the C:\Windows\system32
directory.
8. Key in the filename schmmgmt.msc.
9. Click Save to complete the procedure.
45
Tools folder.
11/18/2010 4:21:49 PM