5. To specify a nu mber of times the user can requ est authenticati on verification from th e
server before sending an authenticat ion failure message to the user, enter an umberi n the
Retriesfield.
6. Click apply changes.
Group authorizationon TACAC S+
Using an authorizat ion method in addition to au thentication provides an ext ralev el ofsy stem
security. Selecting S ecurity - Authenti cation - TACACS+ in Ex pert mode displays the
TACACS+ form where an administrators can configure a TACACS+ authenticatio n serverand
can also enab le user authorizatio n checking.
By checking the Enab le Raccess Authorizat ion checkbox, an addit ional level o f security
checking is i mplemented. After each user is successfully aut henticated throug h the standard
login proced ure, the console server uses TACACS+ to determine whe ther or not each
user/group is authorized to access specific serial ports.
By default the Enable Raccess A uthorization is di sabled allowing a ll users full authorization .
When this feat ure is enabled by placing a check mark in the bo x, users/groups are denied
access unless they ha ve the proper authorizati on, which must be set o n the TACACS+
authenticati on server itself. To see the configuration procedures for a TACACS+ aut hentication
server, refert o the Cyclades ACS 5000 Command Reference Gu ide.
To configurean LDA P authentication server:
Performth e following procedure to con figure an LDAP authentication server when the co nsole
server or any of its p orts are configured to use the LD AP authenticatio n method or any of its
variations (LDAP, LDAP/Loca l, LDAPDownLocal or LD APDownLocal/Radiu s).
Before starting this procedure, you w ill need the followin g information from the LDAP server
administrator:
• The disting uished name of the search base
• The LDAP domain name
• W hether to use secure LD AP
• The authent ication server’s IP address
You can en ter information in th e LDAP User Name, LDAP Password and LDAP Login
Attribute fields, but an ent ryi sno t required:
Work with the LD APserver admini strator to ensure that the followin g types of accounts are set
up on the LDAP server and that the admini stratorso ft he console server and the connected
devices know th e passwords assigned to the accoun ts:
Chapter 8: Security Menu an d Forms 95