User Management
640
SonicOS Enhanced 4.0 Administrator Guide
The SonicWALL appliance can retrieve group memberships efficiently in the case of Active Directory by taking advantage of its unique trait of returning a ‘memberOf’ attribute for a user.
Step 9 On the LDAP Relay tab, configure the following fields:
The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL with remote satellite sites connected into it via low-end SonicWALL security appliances that may not support LDAP. In that case the central SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.

Additionally, for remote SonicWALLs running non-enhanced firmware, with this feature the central SonicWALL can return legacy user privilege information to them based on user group memberships learned via LDAP. This avoids what can be very complex configuration of an external RADIUS server such as IAS for those SonicWALLs.
Enable RADIUS to LDAP Relay – Enables this feature.

Allow RADIUS clients to connect via – Check the relevant checkboxes; policy rules will be added to allow incoming RADIUS requests accordingly.

RADIUS shared secret – This is a shared secret common to all remote SonicWALLs.

User groups for legacy VPN users – Defines the user group that corresponds to the legacy ‘Access to VPNs’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

User groups for legacy VPN client users – Defines the user group that corresponds to the legacy ‘Access from VPN client with XAUTH’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

User groups for legacy L2TP users – Defines the user group that corresponds to the legacy ‘Access from L2TP VPN client’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.

User groups for legacy users with Internet access – Defines the user group that corresponds to the legacy ‘Allow Internet access (when access is restricted)’ privileges. When a user in this user group is authenticated, the remote SonicWALL is notified to give the user the relevant privileges.
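The following is an added example, not SonicWALL code, that models the relay described above end to end: a remote appliance sends a RADIUS Access-Request with the User-Password hidden under the shared secret (the standard RFC 2865 section 5.2 scheme), the central relay only accepts requests from the zones ticked under "Allow RADIUS clients to connect via", recovers the password, checks it against the directory, reads the user's ‘memberOf’ groups, and maps them to the four legacy privileges configured on the LDAP Relay tab. The group DNs, shared secret, zone names and the in-memory stand-in for the AD server are all constructed for the example; how SonicOS actually encodes the privilege notification to the remote appliance is not documented here and is represented simply as a set of privilege names.

```python
import hashlib
import os

# Constructed relay configuration mirroring the LDAP Relay tab fields (example values, not defaults).
RELAY_CONFIG = {
    "allowed_zones": {"LAN", "VPN"},            # "Allow RADIUS clients to connect via"
    "shared_secret": b"example-relay-secret",   # "RADIUS shared secret" (constructed)
    # Legacy privilege name -> LDAP group DN that grants it (constructed DNs).
    "legacy_groups": {
        "Access to VPNs": "CN=VPN Users,OU=Groups,DC=example,DC=com",
        "Access from VPN client with XAUTH": "CN=VPN Client Users,OU=Groups,DC=example,DC=com",
        "Access from L2TP VPN client": "CN=L2TP Users,OU=Groups,DC=example,DC=com",
        "Allow Internet access (when access is restricted)": "CN=Internet Users,OU=Groups,DC=example,DC=com",
    },
}

# Constructed stand-in for the central AD server: the result of an LDAP bind plus a memberOf read.
DIRECTORY = {
    "alice": {"password": b"alice-pw", "memberOf": [
        "CN=VPN Users,OU=Groups,DC=example,DC=com",
        "CN=Internet Users,OU=Groups,DC=example,DC=com"]},
    "bob": {"password": b"bob-pw", "memberOf": [
        "CN=L2TP Users,OU=Groups,DC=example,DC=com"]},
}


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; trailing NULs are padding and are removed."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(username, password, secret, zone, authenticator=None):
    """Model of what a remote SonicWALL (the RADIUS client) sends to the central relay."""
    authenticator = authenticator or os.urandom(16)
    return {"zone": zone, "User-Name": username, "Request-Authenticator": authenticator,
            "User-Password": hide_password(password.encode(), secret, authenticator)}


def ldap_lookup(username: str, password: bytes):
    """Stand-in for the LDAP bind and memberOf read; None means the bind failed."""
    entry = DIRECTORY.get(username)
    if entry is None or entry["password"] != password:
        return None
    return entry["memberOf"]


def legacy_privileges(member_of, legacy_groups) -> set:
    """Map the user's memberOf DNs onto the configured legacy privileges (DNs compared case-insensitively)."""
    groups = {dn.lower() for dn in member_of}
    return {priv for priv, dn in legacy_groups.items() if dn.lower() in groups}


def relay_authenticate(request, config):
    """Central relay: admit the client, recover the password, bind to LDAP, return privileges."""
    if request["zone"] not in config["allowed_zones"]:
        return ("Dropped", set())  # no policy rule admits RADIUS from this zone
    # A client configured with a different shared secret yields an unrecoverable password here,
    # so its requests fail the bind and are rejected rather than relayed.
    password = reveal_password(request["User-Password"], config["shared_secret"],
                               request["Request-Authenticator"])
    member_of = ldap_lookup(request["User-Name"], password)
    if member_of is None:
        return ("Access-Reject", set())
    return ("Access-Accept", legacy_privileges(member_of, config["legacy_groups"]))


if __name__ == "__main__":
    req = build_access_request("alice", "alice-pw", RELAY_CONFIG["shared_secret"], "VPN")
    print(relay_authenticate(req, RELAY_CONFIG))
```

Because the relay admits clients by zone before it touches the password, a request arriving on a zone that was not ticked is dropped without any directory lookup; a client with a mismatched shared secret is rejected after the lookup fails, which is the symptom to look for when a remote appliance reports failed logins against a correct password.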