NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Where:

10.0.0.5 is the IP address of the LDAP or Active Directory server

“cn=demo,cn=users,dc=netgearnetworks,dc=net” is the distinguished name of an LDAP user

demo123 is the password for the user demo

“dc=netgearworks,dc=net” is the base domain that you are querying

> /tmp/file is optional and defines the file where the LDAP query results will be saved.

For further information on querying an LDAP server from a Windows server, please see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8196d68e-776a-4bbc-99a6-d8c19f36ded4.mspx

NT and RADIUS Domain Servers for Group Policies and Bookmarks

For authentication to RADIUS or Microsoft NT domains (using Kerberos), you can individually define AAA users and groups. This is not required, but it allows you to create separate policies or bookmarks for individual AAA users.

When a user logs in, the SSL VPN Concentrator will validate with the appropriate RADIUS or NT server that the user is authorized to log in. If the user is authorized, the SSL VPN Concentrator will check to see if a user exists in the SSL VPN Concentrator Users and Groups database. If the user is defined, then the policies and bookmarks defined for the user will apply.

For example, if you create a RADIUS domain in the SSL VPN Concentrator called “Miami RADIUS server”, you can add users to groups that are members of the “Miami RADIUS server” domain. These user names must match the names configured in the RADIUS server. Then, when users log in to the portal, policies, bookmarks and other user settings will apply to the users. If the AAA user does not exist in the SSL VPN Concentrator, then only the global settings, policies and bookmarks will apply to the user.
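
The login flow described above, modeled as an added example (not NETGEAR code and not part of the original manual). The account data, policy strings, function names and the exact-match rule for user names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

GLOBAL_POLICIES = ["deny 10.0.0.0/8"]  # constructed sample global policy

@dataclass
class LocalUser:
    name: str
    domain: str
    policies: list = field(default_factory=list)
    bookmarks: list = field(default_factory=list)

# Constructed sample of the concentrator's Users and Groups database.
LOCAL_DB = [
    LocalUser("alice", "Miami RADIUS server", ["permit 10.1.2.0/24"], ["Intranet"]),
]

# Constructed stand-in for the accounts held on the external RADIUS server.
RADIUS_ACCOUNTS = {"Miami RADIUS server": {"alice": "pw-a", "bob": "pw-b"}}

def external_auth(domain, user, password):
    """Stub for the RADIUS/NT check; the real device queries the server."""
    expected = RADIUS_ACCOUNTS.get(domain, {}).get(user)
    return expected is not None and expected == password

def login(domain, user, password):
    """Return None if the server rejects the login, else the session settings."""
    if not external_auth(domain, user, password):
        return None
    # Assumption: the name must match the local AAA user entry exactly.
    local = next((u for u in LOCAL_DB
                  if u.domain == domain and u.name == user), None)
    if local is None:
        # Authorized by the server but not defined locally: global settings only.
        return {"scope": "global-only", "policies": list(GLOBAL_POLICIES),
                "bookmarks": []}
    return {"scope": "user", "policies": GLOBAL_POLICIES + local.policies,
            "bookmarks": list(local.bookmarks)}

def global_only_accounts(domain):
    """Audit helper: server accounts that have no matching local AAA user."""
    local_names = {u.name for u in LOCAL_DB if u.domain == domain}
    return sorted(set(RADIUS_ACCOUNTS.get(domain, {})) - local_names)
```

An account that the RADIUS server accepts but that has no AAA user entry still logs in, so the global policies are the ones that have to hold for it.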

For adding new RADIUS or Microsoft NT domain servers, see “Authentication Domains” in Chapter 7.

6-22

Group and User Access Policies

v1.0, August 2006
