Ldap

11: User Authentication

The system administrator can configure the SLC 8000 advanced console manager to use LDAP to authenticate users attempting to log in using the Web, Telnet, SSH, or the console port.

LDAP allows SLC unit users to authenticate using a wide variety of LDAP servers, such as OpenLDAP and Microsoft Active Directory. The LDAP implementation supports LDAP servers that do not allow anonymous queries.

Users who are authenticated through LDAP are granted device port access through the port permissions on this page.

All LDAP users are members of a group that has predefined user rights associated with it. You can add additional user rights that are not defined by the group.

To configure the SLC unit to use LDAP to authenticate users:

1. Click the User Authentication tab and select LDAP. The following page displays.

SLC™ 8000 Advanced Console Manager User Guide

190

Page 190

Image 190

Lantronix SLC 8000 manual To configure the SLC unit to use Ldap to authenticate users

Contents

SLC Advanced Console Manager User Guide Open Source Software WarrantyCopyright & Trademark Contacts Disclaimer & Revisions Revision History Table of Contents Web and Command Line Interfaces Quick SetupBasic Parameters Services Device Ports 100 USB/SD Card Port 157 Connections 166 User Authentication 174 Maintenance 227 Command Reference 260 Application Examples 255 Appendix B Safety Information 329 Appendix a Security Considerations 328 SLC 8000 Advanced Console Manager User Guide List of Tables List of Figures SLC 8048 Unit Front Side Part Number SLC 804812N-01-S 13 SSL Certificate97 13User Authentication Custom Menus Purpose and Audience About this GuideSummary of Chapters Additional Documentation About this Guide Introduction FeaturesPower Console Management System Features Models Access Control Protocols Supported Configuration Options Hardware FeaturesDevice Port Buffer Serial Port Interfaces Device Ports Back Side Network Connections Network Connection USB Interface Memory Card Port Internal Modem Internal Modem Location Whats in the Box InstallationPower Cords Product Information Label Technical Specifications To install the SLC 8000 advanced console manager in a rack Physical InstallationConnecting to a Device Port To connect to a device port Console Port and Device Port DTE Reverse Pinout Disabled Connecting Terminals Connecting to Network PortsModular Expansion for I/O Module AC Input To connect a terminal Modem Installation Modem Servicing Instructions Installation Battery Replacement Battery Part Numbers Disposal of Used Batteries from battery data sheet Battery Replacement Instructions Short the Battery and Damage the Battery Housing Installation Recommendations Quick SetupIP Address Navigating Method #1 Using the Front Panel DisplayFront Panel LCD Display and Keypads Before you begin, ensure that you have Enter center button Right arrowLeft arrow Up and down arrows Entering the Settings To use the LCD display to restore factory default settings Method #2 Quick Setup on the WebRestoring Factory Defaults To complete the Quick Setup Quick Setup Network Settings Date & Time Settings Administrator Settings Method #3 Quick Setup on the Command Line InterfaceTo complete the command line interface Quick Setup script IP Address if Config Eth1Specifying Password SysadminDate/Time Next Step Web and Command Line Interfaces Web Manager  Port Number Bar Logging To log in to the SLC web manager Logging Out Command Line InterfaceWeb Page Help Tips Command SyntaxCommand Line Help To log in any other user To set the number of lines displayed by a command General CLI CommandsTo configure the current command line session To show current CLI settings To clear the command history To view the last 100 commands entered in the sessionTo view the rights of the currently logged-in user Basic Parameters Requirements To enter settings for one or both network ports Network Network Settings 12340BCD1D67000000008375BADD0057 may be shortened to Ethernet Interfaces Eth1 and Eth21234BCD1D678375BADD57 Gateway Hostname & Name Servers DHCP-Acquired DNS Servers Network CommandsDNS Servers TCP Keepalive Parameters To view Ethernet port settings and counters To set the default and alternate network gatewaysTo view all network settings To view DNS settings Mapping Rulesets IP FilterViewing IP Filters To view a list of IP filters Enabling IP Filters Configuring IP FiltersTo enable IP filters To delete a mapping IP Addresses Rule ParametersRuleset Name Protocol Action Allow servicePort Range Generate rule to Updating an IP Filter IP Filter CommandsDeleting an IP Filter Dynamic Routing To configure routing settingsRouting Replace Rule Number delete Rule Number Show routing resolveip enabledisable email Email Address Equivalent Routing CommandsTo configure static or dynamic routing Static Routing Name Enable VPN TunnelTo complete the VPN Ethernet Port Remote Id Authentication IKEAuthentication ESP Remote Hop/Router Configuring an IPsec VPN Tunnel through the CLI Security To enable Fips To disable Fips Services System Logging and Other Services SSH/Telnet/Logging System Logging Audit Log Telnet Web SSH/Web Telnet SettingsPhone Home Enable Agent Top Level MIB Communities Version V3 Read-Only User SNMP, SSH, Telnet, and Logging CommandsSet services one or more services parameters V3 Read-Write User Show services Set services v3passwordv3phrasev3rwpasswordv3rwphraseTo view current services To configure NFS and SMB/CIFS SMB/CIFS Share Nfsserverhostname or ipaddr/exported/path To mount a remote NFS share NFS and SMB/CIFS CommandsTo view NFS share settings To unmount a remote NFS share Secure Lantronix Network To view SMB/CIFS settingsShow cifs Services Secure Lantronix Network To directly access the CLI interface for a device IP Address Login To directly access a specific port on a particular device SSH or Telnet CLI Session Add IP Address delete IP Address Secure Lantronix Network CommandsSet s one or more parameters Secure Lantronix Show slcnetwork ipaddrlist allAddress Mask Date and TimeSearch localsubnetipaddrlistboth To set the local date, time, and time zone 10 Services Date & Time Enable NTP Date and Time Commands To view the local date, time, and time zone Web Server To view NTP settingsTo configure the Web Server Show ntp Admin web timeout disable5-120 minutes Admin Web CommandsTo configure the timeout for web sessions Admin web protocol sslv2nosslv2 Services Web Sessions Services SSL Certificate To view, reset, import, or change an SSL Certificate Certificate Reset to DefaultLogin Import SSL Certificate Password / Retype Password Web Server CommandsTo set up an SLC iGoogle gadget IGoogle Gadgets 14 iGoogle Gadget Example Connection Methods Device PortsPermissions Modules Device Ports Device Status Devices Device Status Device Ports Devices Device Ports Global Commands Telnet/SSH/TCP in Port Numbers To open the Device Ports Settings Device Ports SettingsTo view global settings for device ports Sshport TCP Port tcpport TCP Port telnetport TCP Port SLC 8000 Advanced Console Manager User Guide 106 Device Port Settings IP Settings Data Settings Hardware Signal Triggers Modem Settings Device Ports Modem Settings PPP Mode Modem Settings Text ModeAT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 Enable NAT Same authentication forDOD Authentication Remote/Dial-out Login Device Ports SLP / ServerTech CDU Device Port Status and CountersTo open the Device Ports SLP Number of Expansion To enter SLP commandsNumber of Outlets Outlets Device Port Sensorsoft Device Devices Device Ports Sensorsoft Device Port Commands To view the settings for one or more device ports To set the dialout passwordShow deviceport port Device Port List or Name To view the modes and states of one or more device ports Device CommandsTo view a list of all device port names To zero the port counters for one or more device ports Interacting with a Device Port To connect to a device port to monitor it NFS File Logging Device Ports LoggingLocal Logging Connect direct endpoint Sylog Logging USB and SD Card LoggingEmail/SNMP Notification Device Port NumberDevice Port NameFile number.log Local Logging Email/TrapsEmail/Traps Trigger on Email DelaySend Byte Threshold USB / SD Card Logging Log Viewing AttributesSyslog Logging Show locallog Device Port # or Name bytes Bytes To Display Logging CommandsTo configure logging settings for one or more device ports To clear the local log for a device port Console Port To set console port parameters To configure console port settings Internal Modem SettingsConsole Port Commands To view console port settings Setting Up Internal Modem Storage SLC 8000 Advanced Console Manager User Guide 128 AT S7=45 SO=0 L1 V1 X4 &D2 &c1 E1 Q0 To add a host list Password/ RetypeHost Lists Chap Handshake To retry connecting to the host list Host Parameters Escape Sequence To view or update a host list Retry connecting to the host list To delete a host list Host List CommandsTo add a new host entry to a list or edit an existing entry To display the members of a host list ScriptsTo move a host entry to a new position in the host list To add a script SLC 8000 Advanced Console Manager User Guide 136 Script Name ScriptsType User Rights To view or update a scriptSD Card Right to view and enter settings for SD card Group To delete a script Batch Script SyntaxTo rename a script To change the permissions for a script Interface Script Syntax Senduser PasswordSet myvar expr 1 + Primary Commands Secondary Commands String match str 1 str String compare str 1 strCompare two strings Determine if two strings are equal Control Flow Commands 19 Control Flow Commands Sample Scripts Interface Script-Monitor Port SLC 8000 Advanced Console Manager User Guide 146 Batch Script-SLC CLI SLC 8000 Advanced Console Manager User Guide 148 Site Id SitesTo add a site Site Name Dial-out Password Login/CHAP HostDial-out Login Chap Secret To create or edit a site To view or update a siteTo delete a site Set site addedit Site Name parameters Dial Modem Dialing StatesSet site delete Site Name show site allnamesSite Name Dial-back Dial-on-demand Dial-in & Dial-on-demand Dial-back & Dial-on-demand Cbcp Server SLC 8000 Advanced Console Manager User Guide 156 Set Up of USB/SD Card Storage USB/SD Card Port Click Configure Filesystem UnmountFormat Filesystem Check To configure the USB Modem port, from the USB Ports table Devices USB Modem Modem Settings Text Mode PPP Mode Remote/Dial-out Pwd Manage Files USB Commands SD Card Commands Connections Typical Setup Scenarios for the SLC UnitTerminal Server Remote Access Server Reverse Terminal Server Multiport Device Server Console Server Outgoing Connection ConfigurationTo create a connection Connection Options To view, update, or disconnect a current connectionSSH Out Trigger To configure initial timeout for outgoing connections Connection CommandsTo monitor a device port To view connections and their IDs To terminate a bidirectional or unidirectional connectionTo display details for a single connection To display global connections Connect global show User Authentication Ldap User Authentication Authentication Methods Kerberos Set auth one or more parameters Authentication CommandsTo set ordering of authentication methods Show auth User Rights User Types and Rights Local and Remote User Settings To enable local and/or remote users Adding, Editing or Deleting a User To add a user Data Ports Listen PortsClear Port Buffers Password Expires Enable for Dial-backDisplay Menu at Login Allow Password Change SD Card Right to enter settings for SD card Select or clear the checkboxes for the following rights Local Users Commands Shortcut Local User Rights Commands Remote User Commands To view settings for all remote users To configure the SLC unit to use NIS to authenticate users User Authentication NIS Broadcast for NIS Enable NISNIS Domain NIS Master Server SLC 8000 Advanced Console Manager User Guide 188 To view NIS settings NIS CommandsTo set group and permissions for NIS users To configure the SLC unit to use Ldap to authenticate users Ldap User Authentication Ldap Enable Ldap Uid=$login,ou=People,dc=lantronix,dc=com, and user roberts Uid=roberts,ou=People,dc=lantronix,dc=com and the password Key File is in PEM format, eg Certificate in base64 encodingPrivate key in base64 encoding Right to enter modem settings for USB Ldap CommandsAdsupport enabledisable Set ldap one or more parameters To set user group and permissions for Ldap users To set the Ldap bind passwordTo view Ldap settings To import or delete a certificate Radius Tcp, or udp Listen Port Radius Commands To set user group and permissions for Radius users To view Radius settings Show radius Kerberos END-VENDOR Lantronix Realm Enable KerberosKDC IP Address KDC Port Full AdministrativeUse Ldap Set kerberos one or more parameters Kerberos CommandsSet kerberos group defaultpoweradmin To set user group and permissions for Kerberos users Set kerberos custommenu Menu Name To view Kerberos settingsSet kerberos permissions Permission List Show kerberos TACACS+ Servers Enable TACACS+Secret SLC 8000 Advanced Console Manager User Guide 207 Set tacacs+ one or more parameters TACACS+ CommandsSet tacacs+ group defaultpoweradmin To set user group and permissions for TACACS+ users Groups To view TACACS+ settingsTo configure Groups in the SLC unit Set tacacs+ custommenu Menu Name 10 User Authentication Groups Group Name Deviceport, tcp, or udp Enable forDial-back SSH Keys Imported Keys Exported Keys SLC 8000 Advanced Console Manager User Guide 214 Exported Keys SSH Out Host & Login for ImportImported Keys SSH Host & User Associated with Key To view or delete a key Host and Login for ExportTo view, reset, or import SSH RSA1, RSA, And DSA host keys Key Name Key Reset to Default HostImport Host Key Set sshkey import ftpscpcopypaste one or more parameters SSH CommandsTo import an SSH key To export a key To display SSH keys that have been imported To reset defaults for all or selected host keysTo delete a key To display SSH keys that have been exported Custom Menus To add a custom menu SLC 8000 Advanced Console Manager User Guide 221 Nicknames Menu NameTitle Redisplay Menu To delete a custom menu Custom User Menu CommandsTo view or update a custom menu To create a new custom menu from an existing custom menu To set the optional title for a menu SLC 8000 Advanced Console Manager User Guide 225 SLC 8000 Advanced Console Manager User Guide 226 Maintenance Firmware & Configurations To configure settings Maintenance Firmware & Configurations Site Information Internal TemperatureSLC Firmware Boot Banks Load Firmware Via Options Configuration Management Admin shutdown Administrative CommandsTo reboot the SLC 8000 advanced console manager Manage Files To restore the SLC unit to factory default settings To update SLC firmware to a new revisionTo view FTP settings To list current hardware and firmware information To list the configurations saved to a location To rename a saved configurationTo delete a saved configuration Set temperature one or more parameters Level System LogsTo view system logs Starting at To clear system logs System Log CommandEnding at Audit Log To clear one or all of the system logs SLC 8000 Advanced Console Manager User Guide 238 Maintenance Email Log Email Log Netstat DiagnosticsARP Table Host Lookup Diagnostic Commands Diag arp email Email Address To verify that the host is up and running To display a report of network connectionsTo resolve a host name into an IP address To generate and send Ethernet packets Diag nettrace one or more parameters Default isTo display all network traffic, applying optional filters Parameters ethport Maintenance Status/Reports Status/Reports All Displays all reports Port Status Serial port settingsView Report Devices Host Lists Emailing Logs and Reports Status CommandsTo display a snapshot of configurable parameters To display the overall status of all SLC units To email a log to an individual 11 Emailed Log or Report SLC 8000 Advanced Console Manager User Guide 248 Event Trigger EventsEthernet Events Commands LCD/Keypad To update event definitionsTo configure the LCD and Keypad To delete an event To configure the Keypad To configure the LCDKeypad Locked Restore Factory Defaults Password / Retype Password LCD/Keypad CommandsTo configure banner settings Banners Welcome Banner Banner CommandsLogin Banner Logout Banner Telnet/SSH to a Remote Device Application ExamplesSLC show deviceport port Reboot Shutdown messages from SUN SLC connect direct deviceport Dial-in Text Mode to a Remote Device Dial-in Text Mode to a Remote Device Local Serial Connection to Network Device via Telnet Local Serial Connection to Network Device via Telnet Trying Connected to Escape character is Sun OS 8.0 login Command Reference Introduction to Commands For general command line Help, type Admin banner logout Administrative CommandsAdmin banner login Admin banner show Admin config delete Admin banner sshAdmin banner welcome Admin config factorydefaults Admin config restore Admin config save Admin firmware show Admin config showAdmin firmware bootbank Admin firmware update Admin ftp show Admin ftp passwordAdmin ftp server Admin keypad Admin memory show Admin keypad showAdmin lcd reset Admin memory swap add Size of Swap in MB usbport U1U1 Admin shutdown Admin quicksetupAdmin reboot Admin site Admin web certificate reset Admin versionAdmin web certificate Admin web certificate show Admin web terminate Admin web groupAdmin web timeout Admin web show Audit Log Commands Show auth Authentication CommandsSet auth Show user Set kerberos Kerberos CommandsDisplays Kerberos settings Show kerberos Set ldap bindpassword Ldap CommandsSet ldap Set ldap certificate importdelete Local Users CommandsSet localusers addedit User Login one or more parameters Show ldap Set localusers state Set local users complexpasswordsSet localusers allowreuse Set localusers delete Set localusers periodlockout Set localusers maxloginattemptsSet localusers password Set localusers periodwarning Show localusers NIS CommandsSet nis Show nis Radius CommandsDisplays NIS settings Set radius Set radius server TACACS+ CommandsDisplays Radius settings Show radius Set localusers group User Permissions CommandsShow tacacs+ Set localusers lock Set remoteusers addedit Set localusers permissionsSet remoteusers listonlyauth Set nisldapradiuskerberostacacs+ group Set remoteusers deleteShow remoteusers Set nisldapradiuskerberostacacs+ permissions Set cli CLI CommandsSet cli terminallines Set history Connection CommandsShow cli Show history Connect global outgoingtimeout Connect direct Connect terminate Connect listen deviceportConnect unidirection Show connections connid Show connectionsSet consoleport Set localusers Custom User Menu CommandsShow consoleport Set menu add Show menu Set menu deleteSet nisldapradiuskerberostacacs+ custommenu Set nisldapradiuskerberostacacs custommenu Menu Name Show datetime Date and Time CommandsSet datetime Set ntp Set command Device CommandsShow ntp Device Port Commands Set deviceport port SLC 8000 Advanced Console Manager User Guide 294 Show deviceport names Set deviceport globalShow deviceport global Sshport TCP Port telnetport TCP Port tcpport TCP Port Show portcounters zerocounters Show deviceport portShow portcounters Show portstatus Diag internals Diagnostic CommandsDiag arp Diag netstat Diag perfstat Diag lookupDiag loopback Diag pingping6 Diag top Count=1, delay = 5 secondsDiag sendpacket host Diag traceroute Slp envmon End Device CommandsSlp auth login Slp outletcontrol state Slp restart Events CommandsAdmin events add Slp system Admin events edit Group CommandsAdmin events delete Admin events show Set hostlist addedit Host List Name entry Host List CommandsSet hostlist addedit Host List Name Set groups rename Group Name newname New Group Name Set hostlist delete Set hostlist edit Host List Name moveShow hostlist Set ipfilter state Internal Modem CommandsSet ipfilter mapping Logging Commands Set ip filter rules Set locallog clear Show locallogExample Set log modem pppdebug enabledisable Set log modem ppplog enabledisableSet log clear modem Set network Network CommandsShow log local Set network dns Set network host Configures up to three DNS serversSet network gateway Set network port Show network host Displays all network settingsShow network gateway Show network port Set nfs unmount NFS and SMB/CIFS CommandsSet nfs mount Set cifs Show cifs Routing CommandsSet cifs password Show nfs Show routing Security Commands Services Commands Show services Set slcnetwork SLC Network CommandsSSH Key Commands Show slcnetwork Set sshkey import Set sshkey deleteSet sshkey export Set sshkey import Show sshkey export Set sshkey server resetSet sshkey server import type Show sshkey import Status Commands Show sshkey server Show sysstatus System Log CommandsShow sysconfig Show syslog Set usb access USB Access CommandsUSB Storage Commands Show syslog clear Set usb storage mount Set usb storage fsckSet usb storage format Set usb storage unmount Set usb storage delete USB Modem CommandsSet usb storage copy Show usb storage Set vpn VPN CommandsSet usb modem U1U2 dialoutpassword Show usb modem Show vpn Set temperature Set temperatureShow temperature Show vpn rsakey Security Practice Appendix a Security ConsiderationsFactors Affecting Security Appendix B Safety Information Safety Precautions Rack Port Connections Appendix C Adapters and Pinouts Appendix C Adapters and Pinouts SLC 8000 Advanced Console Manager User Guide 333 Appendix D Protocol Glossary TACACS+ Terminal Access Controller Access Control System PAP Password Authentication ProtocolRadius Remote Authentication Dial-In User Service NTP Network Time Protocol Appendix E Compliance Information Manufacturer’s Name & Address Appendix E Compliance Information RoHS Notice