Casio ACS V6000 manual Appliance authentication, Authentication servers

Page 41

36ACS v6000 Installation/Administration/User Guide

authentication method that is configured for the virtual console server or the ports is used for authentication of any user who attempts to log in through Telnet, SSH or the web manager.

Appliance authentication

The virtual console server authenticates for the virtual console server and the ports, either in groups or individually.

NOTE: It is advised when using group authorization that you use the same authorization for both the virtual console server and all serial ports, or use Single Sign-on Authentication to facilitate group authorization.

When Single Sign-on Authentication is disabled, the virtual console server uses the individual port configurations. Users must use their password each time they access an individual port. If enabled, Single Sign-on Authentication will use the authentication server you choose from the pull-down menu for all ports and no further authentication will be needed when accessing the port after that.

NOTE: Selecting unconfigured from the pull-down menu will allow the ports to continue to use individual authentication servers, and will require your password the first time you access any port. After that, the port will not require password authentication if Single Sign-on Authentication is enabled.

To set authentication for the console server:

1.Click Authentication - Appliance Authentication.

2.Select the desired authentication server from the Authentication Type drop-down menu.

3.Select Enable single sign-onto enable single sign-on authentication, and select the desired authentication server from the Authentication Type drop-down menu.

4.Click Save.

Authentication servers

When using an authentication server, you must configure its IP address and in most cases other parameters before it can be used. The following authentication servers require configuration: RADIUS, TACACS+, LDAP(S)AD, Kerberos, NIS and DSView 3 servers.

To configure a RADIUS authentication server:

1.Select Authentication - Authentication Servers - RADIUS.

2.Enter the IP addresses of the First Authentication Server and First Accounting Server.

3.If used, enter the IP addresses for the Second Authentication Server and Second Accounting Server.

Image 41

Contents ACS Page ACS B L E of C on TE N TS Iii ACS v6000 Installation/Administration/User Guide Access options Features and BenefitsFlexible users and groups Web ManagerIPv4 and IPv6 support Security AuthenticationVPN based on IPSec with NAT traversal Packet filteringAuto discovery Data logging, notifications, alarms and data bufferingACS v6000 virtual console server requirements To create the virtual machine using the vSphere clientPage Using Telnet or SSH # telnet hostname IPaddress To use Telnet to connect to a device through a serial portTo close a Telnet session To use SSH to connect to a device through a serial portTo close an SSH session ACS v6000 Installation/Administration/User Guide To log into the web manager Web Manager Overview for AdministratorsWizard Mode Wizard Screen To configure Ports To configure network parametersTo configure licenses Access Expert ModeTo configure users and change the default user passwords To view and connect to devices using the web managerSecurity profiles System ToolsSystem Select System Security Security Profile To configure the Security ProfileTo configure DSView 3 software security settings Help and Language Date and TimeUsage VM SettingsInformation VCenter To configure a vCenterTo add an association by Datacenter License To power control targets using the web managerNetwork To configure a network device SettingsDevices IPv4 and IPv6 static routesHosts Configuring the firewallFirewall To add a hostTo add a chain Protocol optionsIPSecVPN To change the policy for a default chainTo add a rule To edit a rulePayload or AH Authentication Header Click Network Snmp Snmp ConfigurationTo configure Snmp Ports To enable or disable one or more serial portsSerial ports Select Ports Serial PortsCAS Ctrl-X Parameter Description Auto discovery To copy/clone the configuration of one port to other portsCAS Profile Select Ports CAS Profile Auto Answer To configure the input/output strings used by auto answerSelect Probe Strings or Match Strings Click Ports Pool of CAS Ports To configure a pool of CAS portsPool of CAS ports Pool of CAS Ports Parameters Parameter Description AuthenticationAuthentication servers Appliance authenticationTo set authentication for the console server To configure a Radius authentication serverSelect Authentication Authentication Servers TACACS+ To configure a TACACS+ authentication serverTo configure an Ldapsad authentication server Select Authentication Authentication Servers LdapsadTo configure an NIS authentication server To configure a Kerberos authentication serverTo configure a DSView authentication server Users Accounts and User GroupsTo add new users Local accountsClick Users Local Accounts Password Rules To configure password rulesAdmin group User groupsTo view admin Appliance Access Rights Shell-login-profile Appliance-admin groupUser group Managing user groupsTo remove members from a user group To configure a login profile for a user groupCheck the Enable Log-In Profile box To assign appliance access rights for custom user groups To add access to serial ports for a user groupTo configure a group in a Radius authentication server To configure a group in a TACACS+ authentication serverEvent Destinations Event NotificationsEvent List Select Events and Logs Data Buffering To configure Data BufferingData Buffering Active Sessions To configure Appliance LoggingMonitoring Appliance LoggingTo change your own password Change PasswordSelect Change Password Web Manager Overview for Regular UsersACS v6000 Installation/Administration/User Guide Configuration Appendix a BootP Configuration RetrievalAppendix B Technical Support To resolve an issueFor Technical Support