Avocent ACS 5000 manual: Group authorization on TACACS+, To configure an LDAP authentication server

Models: ACS 5000


Chapter 8: Security Menu and Forms 95

5. To specify a number of times the user can request authentication verification from the server before sending an authentication failure message to the user, enter a number in the Retries field.

6. Click apply changes.

Group authorization on TACACS+

Using an authorization method in addition to authentication provides an extra level of system security. Selecting Security - Authentication - TACACS+ in Expert mode displays the TACACS+ form, where an administrator can configure a TACACS+ authentication server and can also enable user authorization checking.

Checking the Enable Raccess Authorization checkbox implements an additional level of security checking. After each user is successfully authenticated through the standard login procedure, the console server uses TACACS+ to determine whether or not each user/group is authorized to access specific serial ports.

By default, Enable Raccess Authorization is disabled, which allows all users full authorization. When this feature is enabled by placing a check mark in the box, users/groups are denied access unless they have the proper authorization, which must be set on the TACACS+ authentication server itself. To see the configuration procedures for a TACACS+ authentication server, refer to the Cyclades ACS 5000 Command Reference Guide.

To configure an LDAP authentication server:

Perform the following procedure to configure an LDAP authentication server when the console server or any of its ports are configured to use the LDAP authentication method or any of its variations (LDAP, LDAP/Local, LDAPDownLocal or LDAPDownLocal/Radius).

Before starting this procedure, you will need the following information from the LDAP server administrator:

The distinguished name of the search base

The LDAP domain name

Whether to use secure LDAP

The authentication server’s IP address

You can enter information in the LDAP User Name, LDAP Password and LDAP Login Attribute fields, but an entry is not required.

Work with the LDAP server administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the console server and the connected devices know the passwords assigned to the accounts:
