Ldap Module Configuration; Table 54 Ldap Module Settings - Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual

3.7 deployment guide

Table 53 Optional EAP Module Options (Continued)

| Function | Description |
|---|---|
| module.eap_peap = no | PEAP authentication. The PEAP module needs the TLS module to be installed and configured, in order to use the TLS tunnel inside of the EAP packet. You will still need to configure the TLS module, even if you do not want to deploy EAP-TLS in your network. Users will not be able to request EAP-TLS, as it requires them to have a client certificate. EAP-PEAP does not require a client certificate. |
| eap.peap.default_eap_type = mschapv2 | The tunneled EAP session needs a default EAP type which is separate from the one for the non-tunneled EAP module. Inside of the TLS/PEAP tunnel, we recommend using EAP-MS-CHAPv2. |
| module.eap_mschapv2 = yes | Enable the EAP MS-CHAPv2 sub-module. In order for this sub-module to work, the main 'mschap' module must also be configured. This module is the Microsoft implementation of MS-CHAPv2 in EAP. There is another (incompatible) implementation of MS-CHAPv2 in EAP by Cisco, which is not currently supported. |

LDAP Module Configuration

The following LDAP module options are usually not required, as LDAP server configuration can be performed using the WebUI. See "Configuring an LDAP External Authentication Server" in the RADIUS Services chapter for further details.

Table 54 LDAP Module Settings

| Setting | Description |
|---|---|
| module.ldap = no | Lightweight Directory Access Protocol (LDAP). This module definition allows you to use LDAP for authorization and authentication (Auth-Type := LDAP). |
| ldap.server = ldap.example.com | Set the LDAP server hostname/IP address. You can also pass an LDAP URL like ldap://localhost. That way you can also specify alternative LDAP schemes like ldaps:// or ldapi://. The port directive will be ignored in this case. |
| ldap.port = 389 | LDAP server port. If LDAP server port is set to 636 (ldaps), SSL connection is enforced. This feature is useful for LDAP servers which support SSL, but don't do TLS negotiation (like Novell eDirectory). |
| ldap.edir_account_policy_check = yes | Applies Novell's account policy checks (authorization) when authenticating a user via LDAP lookup in the eDirectory. The default setting is "yes". To disable the Novell account policy checks, set this option to "no", in which case all authorization will be performed by the RADIUS server. Required for Novell eDirectory support. When defining this attribute for an individual Novell eDirectory LDAP server, remove the "ldap." prefix from the attribute name. |

Amigopod 3.7 | Deployment Guide
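The ldap.server and ldap.port rules in Table 54 decide whether the LDAP connection is forced onto SSL. The following check is an added example, not part of the deployment guide or the product: it reads settings in the `key = value` form shown in the table and reports the effective transport. The function names, the transport labels, the `#` comment handling and the fallback to port 389 when ldap.port is absent are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample input using the Table 54 keys; values are illustrative.
SAMPLE = """\
module.ldap = yes
ldap.server = ldap.example.com
ldap.port = 389
"""

def parse_settings(text):
    """Parse 'key = value' lines. Skipping '#' lines is an assumption."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def ldap_transport(settings):
    """Return (transport, port_directive_used) following the Table 54 rules."""
    if settings.get("module.ldap", "no").lower() != "yes":
        return ("disabled", False)
    server = settings.get("ldap.server", "")
    if "://" in server:
        # An LDAP URL selects the scheme itself; ldap.port is ignored.
        scheme = urlsplit(server).scheme.lower()
        kinds = {"ldaps": "ssl", "ldapi": "local-socket", "ldap": "no-ssl-enforced"}
        return (kinds.get(scheme, "unknown-scheme"), False)
    # Plain hostname or IP: port 636 enforces SSL, any other port does not.
    port = int(settings.get("ldap.port", "389"))  # 389 fallback is an assumption
    return ("ssl" if port == 636 else "no-ssl-enforced", True)

def audit(text):
    """Return a list of findings for a settings file."""
    settings = parse_settings(text)
    transport, port_used = ldap_transport(settings)
    findings = []
    if transport == "no-ssl-enforced":
        findings.append("LDAP binds are not forced onto SSL by these settings")
    if transport == "unknown-scheme":
        findings.append("ldap.server uses a URL scheme this check does not know")
    if not port_used and transport != "disabled" and "ldap.port" in settings:
        findings.append("ldap.port is set but ignored because ldap.server is a URL")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "no-ssl-enforced" result means only that these two settings do not force SSL; whether TLS is negotiated some other way is outside what this check can see.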


This manual is also suitable for:

Amigopod 3.7
