Chapter 30 AAA Server
NXC5200 User’s Guide
Table 163 Add/Edit (continued)

| LABEL | DESCRIPTION |
|---|---|
| Use SSL | Select Use SSL to establish a secure connection to the AD or LDAP server(s). |
| Search time limit | Specify the timeout period (between 1 and 300 seconds) before the NXC disconnects from the AD server. In this case, user authentication fails. Search timeout occurs when either the user information is not in the AD or the AD is down. |
| Bind DN | Specify the bind DN for logging into the AD server. Enter up to 127 alphanumerical characters. For example, cn=zyAdmin specifies zyAdmin as the user name. |
| Password | If required, enter the password (up to 15 alphanumerical characters) for the NXC to bind (or log in) to the AD server. |
| Base DN | Specify the directory (up to 127 alphanumerical characters). For example, o=ZyXEL, c=US. |
| Login Name Attribute | Enter the type of identifier the users are to use to log in. For example, “name” or “e-mail address”. |
| Alternative Login Name Attribute | If there is a second type of identifier that the users can use to log in, enter it here. For example, “name” or “e-mail address”. |
| Group Membership Attribute | Enter the name of the attribute that the NXC is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. |
| Enable | Select this to enable domain authentication for MSChap. Note: This is only for LDAP. |
| User Name | Enter the user name for the user who has rights to add a machine to the domain. Note: This is only for LDAP. |
| User Password | Enter the password for the associated user name. Note: This is only for LDAP. |
| Realm | Enter the realm IP address. Note: This is only for LDAP. |
| Configuration Validation | Use a user account from the server specified above to test if the configuration is correct. Enter the account’s user name in the Username field and click Test. |
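
The following added example (not from the ZyXEL guide or the NXC firmware) sketches in Python how a generic LDAP client could combine the Login Name Attribute, Alternative Login Name Attribute and Group Membership Attribute settings described above, escaping the typed login name per RFC 4515 before it goes into the search filter. The attribute names uid and mail, the ext-group-user object names, the function names and the sample directory entry are assumptions constructed for illustration.

```python
# Added example: how a generic LDAP client could use the table's settings.
# All function and object names are hypothetical; this is not NXC firmware code.

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user input before it is placed in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(login, login_attr, alt_login_attr=None):
    """Filter matching the Login Name Attribute or the alternative one."""
    safe = escape_filter_value(login)
    clauses = [f"({login_attr}={safe})"]
    if alt_login_attr:
        clauses.append(f"({alt_login_attr}={safe})")
    return clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"


def resolve_groups(entry, group_attr, ext_group_users):
    """Map the entry's group identifiers to ext-group-user object names."""
    identifiers = entry.get(group_attr, [])
    return sorted(name for name, ident in ext_group_users.items()
                  if ident in identifiers)


# Constructed sample settings mirroring the table's fields.
SETTINGS = {
    "base_dn": "o=ZyXEL, c=US",
    "bind_dn": "cn=zyAdmin",
    "login_attr": "uid",        # assumed attribute name
    "alt_login_attr": "mail",   # assumed attribute name
    "group_attr": "memberOf",
}
# Constructed ext-group-user objects: object name -> group identifier.
EXT_GROUP_USERS = {"grp-sales": "sales", "grp-rd": "RD", "grp-mgmt": "management"}
# Constructed directory entry, as a search under base_dn might return it.
ENTRY = {"uid": ["jdoe"], "mail": ["jdoe@example.com"], "memberOf": ["RD", "sales"]}

if __name__ == "__main__":
    print(build_login_filter("jdoe", SETTINGS["login_attr"], SETTINGS["alt_login_attr"]))
    # A login name containing filter metacharacters stays a literal value.
    print(build_login_filter("a*)(b", SETTINGS["login_attr"]))
    print(resolve_groups(ENTRY, SETTINGS["group_attr"], EXT_GROUP_USERS))
```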