Tripp Lite B092-016 Owner's Manual Page 130

LDAP

The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol used to access information stored in an LDAP server.

Further information on configuring remote RADIUS servers can be found at the following sites:
http://www.ldapman.org/articles/intro_to_ldap.html
http://www.ldapman.org/servers.html
http://www.linuxplanet.com/linuxplanet/tutorials/5050/1/
http://www.linuxplanet.com/linuxplanet/tutorials/5074/4/

9.1.5 RADIUS/TACACS User Configuration

Users may be added to the local Console Server appliance. If they are not added and they log in via remote AAA, a user will be added for them. This user will not show up in the configurators unless they are specifically added, at which point they are transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have any access if it is down.

If a local user logs in, they may be authenticated/authorized from the remote AAA server, depending on the chosen priority of the remote AAA. A local user's authorization is the union of local and remote privileges.

Example 1: User A is locally added, and has access to ports 1 and 2. He is also defined on a remote TACACS server, which says he has access to ports 3 and 4. The user may log in with either his local or TACACS password, and will have access to ports 1 through 4. If TACACS is down, he will need to use his local password, and will only be able to access ports 1 and 2.

Example 2: User B is only defined on the TACACS server, which says he has access to ports 5 and 6. When he attempts to log in, a new user will be created for him, and he will be able to access ports 5 and 6. If the TACACS server is down, he will not have any access.

Example 3: User C is defined on a RADIUS server only. He has access to all serial ports and network hosts.

Example 4: User D is locally defined on an appliance using RADIUS for AAA. Even if the user is also defined on the RADIUS server, he will only have access to those serial ports and network hosts he has been authorized to use on the appliance.

If a “no local AAA” option is selected, then root will still be authenticated locally.

Remote users may be added to the admin group via either RADIUS or TACACS. Users may have a set of authorizations set on the remote TACACS server. Users automatically added by RADIUS will have authorization for all resources, whereas those added locally will still need their authorizations specified. LDAP has not been modified, and will still need locally defined users.
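
The rules in this section, written as a small model for auditing who keeps access during an AAA outage. This is an added example, not code from the manual or the appliance; the function names, the 16-port list and the sample users are assumptions, and it assumes the AAA priority setting lets a locally defined user fall back to the local password.

```python
# Added example: models the authorization rules of section 9.1.5.
# All names here are hypothetical; "ports" stands in for any resource
# (serial ports or network hosts).

def effective_access(scheme, local_ports, remote_ports, server_up, all_ports):
    """Return the set of ports a user can reach.

    local_ports  -- ports granted on the appliance, None if not defined locally
    remote_ports -- None if the user is not defined on the remote server;
                    otherwise the TACACS grants (pass set() for RADIUS/LDAP)
    Assumption: a local user may fall back to the local password when the
    remote server is unreachable.
    """
    is_local = local_ports is not None
    is_remote = remote_ports is not None and server_up
    if not is_local and not is_remote:
        return set()                  # nothing can authenticate this user
    if scheme == "LDAP":
        # LDAP users must still be defined locally.
        return set(local_ports) if is_local else set()
    if scheme == "RADIUS":
        # Local definition limits the user to local grants (Example 4);
        # an automatically added RADIUS user gets everything (Example 3).
        return set(local_ports) if is_local else set(all_ports)
    if scheme == "TACACS":
        # Union of local and remote grants (Examples 1 and 2).
        granted = set(local_ports) if is_local else set()
        return granted | (set(remote_ports) if is_remote else set())
    raise ValueError(f"unknown AAA scheme: {scheme}")

def outage_report(users, all_ports):
    """Map user name -> (access with AAA up, access with AAA down)."""
    return {name: (effective_access(s, lp, rp, True, all_ports),
                   effective_access(s, lp, rp, False, all_ports))
            for name, (s, lp, rp) in users.items()}

# Constructed sample data mirroring Examples 1-4 (port count is assumed).
ALL_PORTS = set(range(1, 17))
USERS = {
    "A": ("TACACS", {1, 2}, {3, 4}),   # local and TACACS
    "B": ("TACACS", None, {5, 6}),     # TACACS only
    "C": ("RADIUS", None, set()),      # RADIUS only
    "D": ("RADIUS", {1, 2}, set()),    # local, on a RADIUS appliance
}

if __name__ == "__main__":
    for name, (up, down) in outage_report(USERS, ALL_PORTS).items():
        print(f"user {name}: up={sorted(up)} down={sorted(down)}")
```

Running it lists each sample user's access with the remote server reachable and unreachable, which makes the RADIUS-only case (all resources when up, none when down) easy to spot in a review.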