Ldap Authentication; Radius/Tacacs User Configuration - Tripp Lite B092-016 Owner's Manual


Chapter 9: Authentication
9.1.4 LDAP authentication

Perform the following procedure to configure the LDAP authentication method to be used whenever the Console Server or any
of its serial ports or hosts is accessed:
• Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal
• Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be
specified in a comma-separated list. Each server is tried in succession.
• Enter the Server Password
Note: LDAP authentication requires that the user account also exist on the Console Server. Creating the user on your LDAP
server alone is not enough; you must add the user account on the Console Server as well.
• Click Apply. LDAP remote authentication will now be used for all user access to Console Server and serially or network
attached devices
LDAP: The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and
more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol
used to access information stored in an LDAP server. Further information on configuring remote LDAP servers can
be found at the following sites:
http://www.ldapman.org/articles/intro_to_ldap.html
http://www.ldapman.org/servers.html
http://www.linuxplanet.com/linuxplanet/tutorials/5050/1/
http://www.linuxplanet.com/linuxplanet/tutorials/5074/4/
9.1.5 RADIUS/TACACS user configuration

Users may be added to the local Console Server appliance. If they are not added and they log in via remote AAA, a user will
be added for them. This user will not show up in the configurators unless they are specifically added, at which point they are
transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have
any access if it is down.
If a local user logs in, they may be authenticated/authorized from the remote AAA server, depending on the chosen priority of
the remote AAA. A local user's authorization is the union of local and remote privileges.
Example 1:
User A is locally added, and has access to ports 1 and 2. He is also defined on a remote TACACS server, which says he has
access to ports 3 and 4. The user may log in with either his local or TACACS password, and will have access to ports 1 through
4. If TACACS is down, he will need to use his local password, and will only be able to access ports 1 and 2.
Example 2:
User B is only defined on the TACACS server, which says he has access to ports 5 and 6. When he attempts to log in, a
new user will be created for him, and he will be able to access ports 5 and 6. If the TACACS server is down, he will not
have any access.
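The following is an added example, not code from the manual or from the Console Server firmware: a small Python model of the union rule and the two examples above, useful for reviewing which users keep or lose port access during an AAA outage. The names Account, login, outage_report and the sample passwords are hypothetical; the model ignores the configured AAA priority order and does not record the auto-created user from Example 2.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Account:
    password: str                      # constructed sample secret
    ports: set = field(default_factory=set)

def _pw_ok(acct, password):
    # Constant-time comparison; a missing account never matches.
    return acct is not None and hmac.compare_digest(
        acct.password.encode(), password.encode())

def login(user, password, local, remote, remote_up):
    """Return the ports `user` may access, or None if login is refused."""
    loc = local.get(user)
    rem = remote.get(user) if remote_up else None   # unreachable AAA grants nothing
    if not (_pw_ok(loc, password) or _pw_ok(rem, password)):
        return None
    ports = set()
    for acct in (loc, rem):
        if acct is not None:
            ports |= acct.ports        # authorization is the union of both sources
    return ports

def outage_report(local, remote):
    """Map each user to (ports with AAA up, ports with AAA down)."""
    report = {}
    for user in sorted(set(local) | set(remote)):
        down = set(local[user].ports) if user in local else set()
        up = down | (remote[user].ports if user in remote else set())
        report[user] = (up, down)
    return report

# Constructed accounts matching Example 1 (User A) and Example 2 (User B).
LOCAL = {"userA": Account("local-pw", {1, 2})}
TACACS = {"userA": Account("tacacs-pw", {3, 4}),
          "userB": Account("b-pw", {5, 6})}

if __name__ == "__main__":
    for user, (up, down) in outage_report(LOCAL, TACACS).items():
        print(user, "AAA up:", sorted(up), "AAA down:", sorted(down))
```

The report makes two review points visible: a remote-only user has no fallback access during an outage, and a user defined in both places holds more privilege than either source shows on its own.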