Administration
RADIUS Settings and LDAP Authentication Settings
To allow authorization for the B051-000 through a RADIUS server, do the following:
1. Check Enable in the RADIUS section of the ANMS screen.
2. Fill in the IP addresses and port numbers for the Primary and Alternate RADIUS servers.
3. In the Timeout field, set the time in seconds that the B051-000 waits for a RADIUS server reply before it times out.
4. In the Retries field, set the number of allowed RADIUS retries.
5. In the Shared Secret field, key in the character string that you want to use for authentication between the B051-000 and the RADIUS Server.
6. On the RADIUS server, set the access rights for each user according to the information in the table below:
Character   Meaning
C           Grants the user administrator privileges, allowing the user to configure the system.
W           Allows the user to access the system via the Windows Client program.
J           Allows the user to access the system via the Java applet.
L           Allows the user to access log information via the user’s browser.
V           Limits the user’s access to only viewing the video display.
S           Allows the user to use the Virtual Media function.
RADIUS Server access rights examples are given in the table below:
String      Meaning
C, W        User has administrator privileges; user can access the system via the Windows Client.
W, J, L     User can access the system via the Windows Client; user can access the system via the Java Applet; user can access log information via the user’s browser.
Note: Characters are not case sensitive. Characters are comma delimited.
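The following is an added example, not part of the original manual or any Tripp Lite software: a small audit script that parses access-rights strings in the format described above (comma delimited, not case sensitive) and flags entries worth reviewing before they are set on the RADIUS server. The user names are constructed, and the check on V combined with other characters is an assumption, since the manual does not say how the device treats that combination.

```python
# Added example: audit B051-000 RADIUS access-rights strings before deployment.
# Character meanings are taken from the table in the manual.
RIGHTS = {
    "C": "administrator privileges (can configure the system)",
    "W": "access via the Windows Client program",
    "J": "access via the Java applet",
    "L": "access to log information via the browser",
    "V": "view the video display only",
    "S": "use of the Virtual Media function",
}

def parse_rights(value):
    """Parse a comma-delimited, case-insensitive string into (rights, errors)."""
    rights, errors = [], []
    for token in value.split(","):
        ch = token.strip().upper()
        if not ch:
            errors.append("empty entry (stray comma?)")
        elif ch not in RIGHTS:
            errors.append(f"unknown character {token.strip()!r}")
        elif ch in rights:
            errors.append(f"duplicate {ch}")
        else:
            rights.append(ch)
    return rights, errors

def audit(assignments):
    """Return a list of (user, rights, findings) for a user -> string mapping."""
    report = []
    for user, value in assignments.items():
        rights, findings = parse_rights(value)
        if "C" in rights:
            findings.append("grants administrator privileges; confirm intended")
        # Assumption: the manual does not define V together with other rights.
        if "V" in rights and len(rights) > 1:
            findings.append("V combined with other rights; verify on the device")
        report.append((user, rights, findings))
    return report

# Constructed sample assignments, not taken from any real server.
SAMPLE = {"alice": "C, W", "bob": "w,j,l", "carol": "V, S", "dave": "W; J"}

if __name__ == "__main__":
    for user, rights, findings in audit(SAMPLE):
        print(f"{user}: {rights} -> {findings or 'ok'}")
```
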
To allow authentication and authorization for the B051-000 via LDAPS, do the following:
Item: Description

Enable
    Put a check in the Enable checkbox to allow LDAP / LDAPS authentication and authorization.

LDAP / LDAPS
    Click to specify whether to use LDAP or LDAPS.

Enable Authorization
    Click on Enable Authorization if you want it enabled.
    1. If enabled, the LDAP / LDAPS server directly returns a ‘permission’ attribute and authorization for the user that is logging in. With this selection the LDAP schema must be extended. (See LDAP Server Configuration, page xx, for details.)
    2. If not enabled, the server returns a result that depends on whether the user that is logging in belongs to the B051-000 Admin Group. If the result is ‘yes’, the user has full access rights (see Administrator Access Rights, page 22); if the result is ‘no’, the user has limited access rights (see User Access Rights, page 22).
    Note: Consult the LDAP / LDAPS administrator to ascertain whether to enable the Enable Authorization function, or not.

LDAP Server IP and Port
    Fill in the IP address and port number for the LDAP or LDAPS server. For LDAP, the default port number is 389; for LDAPS, the default port number is 636.

Timeout
    Set the time in seconds that the B051-000 waits for an LDAP or LDAPS server reply before it times out.

LDAP Administrator DN
    Consult the LDAP / LDAPS administrator to ascertain the appropriate entry for this field. For example, the entry might look like this: cn=LDAPAdmin,ou=b051-000,dc=tripplite,dc=com

LDAP Administrator Password
    Key in the LDAP administrator’s password.

Search DN
    Set the distinguished name of the search base. This is the domain name where the search starts for user names.
    Note: If Enable Authorization is not checked, this field must include the entry where the B051-000 Admin Group is created. Consult the LDAP / LDAPS administrator to ascertain the appropriate value.

B051-000 Admin Group
    Key in the Group Name for B051-000 administrators.
    Note: If Enable Authorization is not checked, this field is used to authorize users that are logging in. If a user is in this group, the user receives full access rights. If a user is not in this group, the user only receives limited access rights. Consult the LDAP / LDAPS administrator to ascertain the appropriate value.