Aruba Networks PowerConnect W Clearpass 100 Software Manual

External authentication servers software walkthrough technote

Amigopod
External Authentication Servers
Software Walkthrough


Summary of Contents for Aruba Networks PowerConnect W Clearpass 100 Software

  • Page 1 Amigopod External Authentication Servers Software Walkthrough...
  • Page 2 Copyright © 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved.
  • Page 3: Table Of Contents

    Table of Contents
      External Authentication Servers ........................ 4
      About RADIUS Authentication Servers ........................ 4
      Types of authentication server ........................ 4
      Authorization for external authentication servers ........................ 4
      Configuring RADIUS Authentication ........................ 5
      Joining an Active Directory domain ........................ 5
      Authenticating Active Directory users ........................ 8
      Leaving an Active Directory domain ........................
  • Page 4: External Authentication Servers

    External Authentication Servers About RADIUS Authentication Servers Authentication is the verification of a user’s credentials, typically a username and password. Many networks have more than one place where user credentials are stored. Networks that have different types of user, geographically separate systems, or networks created by integrating different types of systems are all situations where user account information can be spread across several places.
  • Page 5: Configuring Radius Authentication

    • Use role assigned to local user is the only authorization method available for the local user database. If the user’s authentication attempt is successful, the RADIUS server will respond with an Access-Accept message that includes the RADIUS attributes defined for the user’s role. •...
  • Page 6 Selecting the Join Domain command starts a two-step process to join the domain: The process has built-in troubleshooting assistance, which can help with much of the necessary configuration: When the server’s DNS and network settings are correctly configured, all the necessary domain-related information is automatically detected: 6| External Authentication Servers Amigopod |Technical Note...
  • Page 7 Joining the server to the Active Directory domain then requires entering the username and password for a domain administrator account. Once the domain has been joined, the status is available on the Active Directory Services page.
  • Page 8: Authenticating Active Directory Users

    Authenticating Active Directory users As indicated in the domain summary, the RADIUS server cannot authenticate user accounts in Active Directory until a domain username and password are provided. Clicking the Configure Authentication command link displays the Edit Authentication Server form for Active Directory:
  • Page 9: Leaving An Active Directory Domain

    Most of the settings for the authentication server are automatically detected; however, a Bind Identity (username) and Bind Password are required in order to authenticate users against the directory. NOTE The credentials provided do not need to be those of a domain administrator; a restricted user account may be provided here.
  • Page 10: Managing Authentication Servers

    As with joining the domain, the credentials for a domain administrator are required to perform this operation. Managing Authentication Servers The RADIUS Authentication Servers page lists all available sources for use with authentication: The Test Authentication command may be used to check the connection to an authentication server, or verify the authorization rules that have been configured: NOTE Changing the properties of an authentication server requires restarting the RADIUS server.
  • Page 11: Authorization For External Authentication Servers

    Authorization for External Authentication Servers When a RADIUS Access-Request for a particular user is handled using an external authentication server, the user’s authorization is determined by the Authorization settings for that server. The RADIUS Authentication diagnostic can be used to demonstrate the difference between the various authorization methods.
  • Page 12: Advanced Authorization - Example 1

    • With authorization method Use PHP code to assign a user role (Advanced) – more complex authorization rules can be implemented to specify which role to assign to an authenticated user. Authorization can use any of the available properties of the user account, as well as taking into account other factors such as the time of day, previous usage, and more.
  • Page 13 • Select the authorization method Use PHP code to assign a user role (Advanced) and use the following code:

        if (in_array('CN=Domain Admins,CN=Users,DC=amigopod,DC=local', $user['memberof']))
            return 4;
        if (in_array('CN=Users,CN=Builtin,DC=amigopod,DC=local', $user['memberof']))
            return 5;
        return false;

    Explanation: During user authorization, the ‘memberOf’ attribute of the user (which will contain a list of the groups to which the user belongs) is checked against the defined rules, and an appropriate role ID is returned.
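    The following is an added example, not code from the Amigopod manual or from Aruba. It generalises the Page 13 snippet into a table-driven rule: the group-to-role mapping, the assignRoleFromGroups() function and the sample user records are all constructed here. It assumes, as the manual states, that $user['memberof'] holds the list of group DNs for the authenticated user, that returning an integer selects that role ID, and that returning false (as the manual's snippet does on no match) assigns no role. The case-insensitive DN comparison and the handling of a missing or single-string memberof value are defensive additions not described on the page.

```php
<?php
// Added example, not Amigopod's own code. Assumes $user['memberof'] is the
// list of group DNs (as the manual states), that an integer return value
// selects that role ID, and that false assigns no role.

// Constructed mapping: group DN => role ID. Role IDs 4 and 5 are the ones
// used in the manual's snippet. Order matters: the first matching entry
// wins, so the most privileged group is listed first, as in the manual.
$groupRoles = array(
    'CN=Domain Admins,CN=Users,DC=amigopod,DC=local' => 4,
    'CN=Users,CN=Builtin,DC=amigopod,DC=local'       => 5,
);

/**
 * Return the role ID for the first group in $groupRoles that the user
 * belongs to, or false if the user is in none of them.
 */
function assignRoleFromGroups(array $user, array $groupRoles)
{
    // Defensive handling (an assumption, not from the manual): a user with
    // no memberOf attribute, or a directory library that returns a single
    // group DN as a plain string instead of a one-element array.
    $groups = isset($user['memberof']) ? $user['memberof'] : array();
    if (!is_array($groups)) {
        $groups = array($groups);
    }

    // Normalise DNs so that case differences (CN= vs cn=) or stray
    // whitespace do not cause a real group membership to be missed.
    $normalised = array();
    foreach ($groups as $dn) {
        $normalised[] = strtolower(trim((string) $dn));
    }

    foreach ($groupRoles as $groupDn => $roleId) {
        if (in_array(strtolower($groupDn), $normalised, true)) {
            return $roleId;
        }
    }

    // No rule matched: assign no role, as the manual's snippet does.
    return false;
}

// Constructed sample users for a stand-alone run.
$admin   = array('username' => 'alice',
                 'memberof' => array('cn=domain admins,cn=users,dc=amigopod,dc=local'));
$regular = array('username' => 'bob',
                 'memberof' => 'CN=Users,CN=Builtin,DC=amigopod,DC=local');
$noGroup = array('username' => 'carol');

var_dump(assignRoleFromGroups($admin, $groupRoles));
var_dump(assignRoleFromGroups($regular, $groupRoles));
var_dump(assignRoleFromGroups($noGroup, $groupRoles));
```

    Inside the Amigopod authorization form the body of assignRoleFromGroups() would be pasted directly, with $user already populated by the RADIUS server; the surrounding var_dump() calls exist only so the example can be run from the command line. Because the first matching rule wins, a user who belongs to both groups receives role 4, so the order of entries in the mapping is itself a security decision worth reviewing whenever a rule is added.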
