Manuals / Cisco Systems / Computer Equipment / Network Card

Cisco Systems 4.2 manual set protocol ldap, set Port, set UserPasswordAttribute password, 5-10

Models: 4.2

1 94

Download 94 pages 10.59 Kb

Page 82

set protocol ldap

Chapter 5 Customizing Your Configuration

Configuring a Remote Server for AA

Step 5 Use the set command to specify the protocol ldap:

set protocol ldap

Step 6 Use the set command to specify the required LDAP properties.

At the very least you must specify:

•IPAddress—the IP address of the LDAP server (for example, 196.168.1.5).

•Port—the port the LDAP server is listening on (for example, 389).

•HostName—the hostname of the machine specified in the IP address field (for example,

ldap1.QuickExample.com).

•SearchPath—the directory in the LDAP database to use as the starting point when searching for user information (for example, o=Ace Industry, c=US).

•Filter—the filter to use to find user entries in the LDAP database (for example, (uid=%s)).

•UserPasswordAttribute—the name of the LDAP attribute in a user entry that contains the user’s password (for example, userpassword).

•BindName—specifies the distinguished name (DN) in the LDAP server for CAR to bind with the LDAP server (for example,

uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot)

•BindPassword—Specifies the password for the distinguished name (for example, cisco123) set IPAddress 196.168.1.5

set Port 389

set HostName ldap1.QuickExample.com set SearchPath "o=Ace Industry, c=US" set Filter (uid=%s)

set UserPasswordAttribute password

set BindName uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot set BindPassword cisco123

See Table 19-1LDAP Service Properties, page 19-2of the Cisco Access Registrar User Guide for descriptions of the other LDAP properties.

Configuring Services

To use LDAP for authorization and/or authentication, you must configure a Services object.

	Installing and Configuring Cisco Access Registrar, 4.2
5-10	OL-17221-02

Image 82

Cisco Systems 4.2 manual set protocol ldap, set Port, set UserPasswordAttribute password, 5-10, Configuring Services

Contents

November Americas HeadquartersInstalling and Configuring Cisco Access Registrar Cisco Systems, Inc 170 West Tasman Drive San Jose, CAInstalling and Configuring Cisco Access Registrar Copyright 2007 Cisco Systems, Inc. All rights reservedCisco.com C O N T E N T SOverview License Slabs3-12 Using pkgrm to Remove Cisco Access Registrar Solaris Software3-11 3-12Installing Cisco Access Registrar Software from CD-ROM Using aregcmdUsing a Script to Determine Service Creating and Setting Group MembershipCreating a RemoteServer Contents Configuring Session ManagementConfiguring Session Management Installing and Configuring Cisco Access RegistrarContents Installing and Configuring Cisco Access Registrar viiiOL-17221-02 Obtaining Documentation About This GuideCisco.com Cisco Product Security Overview Reporting Security Problems in Cisco ProductsDocumentation Feedback For Emergencies only - security-alert@cisco.comCisco Technical Support & Documentation Website Obtaining Technical Assistancehttp//tools.cisco.com/RPF/register/register.do Submitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information xiiiAbout This Guide Installing and Configuring Cisco Access RegistrarOL-17221-02 Overview Installation Dialog OverviewInstallation Type C H A P T E RJava 2 Runtime Environment Installation LocationLicense File Location Open Database ConnectivityContinue with Installation Downloading Cisco Access Registrar SoftwareExample Configuration Base DirectoryCisco Access Registrar 4.2 Licensing CSCOar-4.2.1-sol10-k9.tar.gz for SolarisProduct Getting Cisco Access Registrar 4.2 LicenseLicense Slabs DescriptionSample License File Installing Cisco Access Registrar 4.2 LicensesAdding Additional Cisco Access Registrar 4.2 Licenses opt/CSCOar/bin/arserver restartLaunching aregcmd aregcmd Command-Line OptionDisplaying License Information aregcmd -l directorynameInstalling and Configuring Cisco Access Registrar Chapter 1 Overview Cisco Access Registrar 4.2 LicensingOL-17221-02 Installing the Cisco Access Registrar 4.2 License File, page Installing Cisco Access RegistrarInstalling the Cisco Access Registrar 4.2 License File Installing Cisco Access Registrar 4.2 Software on Solaris, pageInstalling Downloaded Software Deciding Where to InstallInstalling Cisco Access Registrar Software from CD-ROM Deciding Where to Installzcat CSCOar-4.2.1-sol9-K9.tar.gz tar xvf Common Solaris Installation StepsStep 5 Proceed to Common Solaris Installation Steps pkgadd -d /tmp CSCOarStep 9 Enter the directory or mount point where the J2RE is installed Chapter 2 Installing Cisco Access Registrar Step 13 Enter Y to install the setuid/setgid filesStep 14 Enter Y to continue with the software installation Installing Cisco Access Registrar 4.2 Software on SolarisConfiguring SNMP Installing Cisco Access Registrar 4.2 Software on LinuxInstalling Cisco Access Registrar on LDoms RPC Bind Serviceschmod 777 CSCOar-4.2.1-lnx26-install-K9.sh Common Linux Installation Stepscp CSCOar-4.2.1-lnx26-install-K9.sh /tmp cd /cdrom/cdrom0/kit/linux-2.4Build Host spencer.cnslab.cisco.com CSCOar-4.2.1-lnx26-install-k9.shBuild Date Mon Nov 03 235551 Copyright CInstalling Cisco Access Registrar 4.2 Software on Linux Configuring SNMPChapter 2 Installing Cisco Access Registrar Installing and Configuring Cisco Access RegistrarInstalling Cisco Access Registrar 4.2 Software on Linux 2-10Chapter 2 Installing Cisco Access Registrar Installing and Configuring Cisco Access RegistrarLinux Software Upgrade Overview, page Software Upgrade Tasks, page Solaris Software Upgrade OverviewSolaris Software Upgrade Overview, page Installing the Cisco Access Registrar License File, pagecd /opt mv AICar1 CSCOar Linux Software Upgrade OverviewSee Using pkgrm to Remove Cisco Access Registrar Solaris Software etc/init.d/arserver restartcd /radius/replication Software Upgrade TasksDisabling Replication etc/init.d/arserver restartRemoving the AICar1 Package Using pkgrm to Remove Cisco Access Registrar Solaris Softwarepkgrm AICar1 Chapter 3 Upgrading Cisco Access Registrar Software Removing the CSCOar Packagepkgrm CSCOar Software Upgrade TasksUsing uninstall-ar to Remove Linux Software cd /opt/CSCOar/bin uninstall-arDeciding Where to Install, page Installing the Cisco Access Registrar License FileUpgrading Cisco Access Registrar Solaris Software Installing Cisco Access Registrar Software from CD-ROM, pageInstalling Downloaded Software zcat CSCOar-4.2.1-sol9-k9.tar.gz tar xfInstalling Cisco Access Registrar Software from CD-ROM Common Solaris Installation StepsStep 1 For a full install, press Enter Step 9 Enter Y to install the setuid/setgid files 3-10Step 7 Enter the administrator userID and password Step 10 Enter Y to continue with the software installationConfiguring SNMP Back-up Copy of Original Configuration3-11 If you choose not to use the SNMP features of CAR, the installation process is completed. To use SNMP features, complete the configuration procedure described in Configuring SNMPRemoving Old VSA Names VSA Update Script3-12 Common Linux Installation Steps, page Upgrading Cisco Access Registrar Linux SoftwareUsing uninstall-ar to Remove Linux Software, page opt/CSCOar/datacd /opt/CSCOar/bin arserver stop uninstall-arcp CSCOar-4.2.1-lnx26-install-k9.sh /tmp cd /cdrom/cdrom0/kit/linux-2.63-15 chmod 777 CSCOar-4.2.1-lnx26-install-k9.shCSCOar-4.2.1-lnx26-install-K9.sh Common Linux Installation Steps3-16 directory where it is installedopt/CSCOar/jakarta-tomcat-4.0.6/webapps/tomcat-docs/ssl-howto.html Backup Copy of Original Configuration3-17 PreparingChapter 3 Upgrading Cisco Access Registrar Software 3-18VSA Update Script Upgrading Cisco Access Registrar Linux Software3-19 Configuring SNMPRestarting Replication Configuring SNMPInstalling and Configuring Cisco Access Registrar 3-20Chapter 3 Upgrading Cisco Access Registrar Software Restarting ReplicationGeneral Command Syntax Configuring Cisco Access RegistrarUsing aregcmd Using aregcmd, page Configuring a Basic Site, pagearegcmd Commands Configuring a Basic SiteRunning aregcmd cd admin Changing the Administrator’s Passwordcd //localhost/Administrators set Passwordcd /Administrators Configuring the RADIUS ServerCreating Additional Administrators add jane testadminSelecting Ports to Use Checking the System-Level Defaultsset DefaultSessionManager Checking the Server’s Healthcd /Radius/Advanced/Ports Displaying the UserListsStep 1 Change directory to /Radius/Advanced/Ports add add lsls -R Displaying the Default UserListAdding Users to UserLists add janeDisplaying UserGroups set password janecd /Radius/UserLists/Default delete beth Deleting Userscd /Radius/Clients Configuring ClientsAdding a NAS add QuickExampleNASset IncomingScript ParseServiceHints EnableDynamicAuthorization TRUE Configuring ProfilesSetting RADIUS Attributes EnableNotifications TRUESaving and Reloading Validating and Using Your ChangesAdding Multiple Cisco AV Pairs set Framed-Routing 192.168.1.0/24radclient -s Testing Your ConfigurationUsing radclient simple john johnSetting the Trace Level Configuring AccountingTroubleshooting Your Configuration p001 sendStopping the Master Agent Enabling SNMP in the Cisco Access Registrar Serverset Enabled TRUE aregcmd cd /Radius/Advanced/SNMPopt/CSCOar/bin/arserver stop Access ControlModifying the snmpd.conf File 4-15Trap Recipient Configuring Dynamic DNSRestarting the Master Agent System Contact Informationcd /Radius/RemoteServers add ddns cd /Radius/Advanced/DDNS/TSIGKeys add foo.comcd foo.com set Secret base64-encoded string cd ddns set Protocol dynamic-dnsset ForwardZoneTSIGKey foo.com set ReverseZoneTSIGKey foo.com Testing Dynamic DNS with radclientset IPAddress 10.10.10.1 ip address of primary dns server for zone cd /Radius/ResourceManagers add ddnsacctrequest Start username cd /opt/CSCOar/bin aregcmdtrace Step 3 Launch radclient cd /opt/CSCOar/bin radclient set p acctrequest Start bobInstalling and Configuring Cisco Access Registrar 4-20Chapter 4 Configuring Cisco Access Registrar Configuring Dynamic DNS OL-17221-02Configuring Specific Groups Customizing Your ConfigurationConfiguring Groups C H A P T E Rcd /Radius/UserLists/Default/jean Creating and Setting Group Membershipadd PPP-users Users who always connect using PPP default-PPP-users Objectcd /Radius/UserGroups/Default Configuring a Default GroupUsing a Script to Determine Service set AuthorizationScript AuthorizeServicesave Configuring Multiple UserListsset Group Default reloadCreating Separate UserLists Configuring Separate UserListsConfiguring Users Populating UserListscd /Radius/Services Configuring ServicesCreating Separate Services cd /Radius/Services/North-usersChoosing the Scripting Point Configuring the ScriptClient Scripting cd /Radiusadd ParseUserName Rex libParseUserName.so ParseUserName Configuring a Remote Server for AAHandling Multiple Scripts Save tcl scripts in the directory /opt/CSCOar/scripts/radius/tclcd /Radius/RemoteServers Configuring the Remote ServerCreating a RemoteServer add QuickExampleset Port set UserPasswordAttribute passwordset protocol ldap 5-10set type ldap Creating Servicesadd remote-ldap Remote LDAP Service 5-11set DefaultAuthentication remote-ldap Configuring Multiple Remote ServersChanging the Authentication and Authorization Defaults set DefaultAuthorization remote-ldapadd North Configuring Two Remote ServersCreating RemoteServers 5-13set protocol radius Creating the Servicescd /Radius/RemoteServers/North set SharedSecretConfiguring the Script set IncomingScript ParseRemoteServers5-15 Choosing the Scripting PointCreating a Resource Manager Configuring Session ManagementConfiguring a Resource Manager 5-16cd /Radius/ResourceManagers Configuring a Session ManagerCreating a Session Manager add rm-100set 1 rm-100 Configuring Session ManagementEnabling Session Management 5-18I N D E SymbolsIN-1 Failover policy IN-2Java 2 Platform IN-3 IN-4