Support User Manuals

Avocent ACS 5000 Server User Manual

Open as PDF

of 161

5. To specify a number of times the user can request authentication verification from the

server before sending an authentication failure message to the user, enter a number in the

Retriesfield.

6. Click apply changes.

Group authorization on TACACS+

Using an authorization method in addition to authentication provides an extra level of system

security. Selecting Security - Authentication - TACACS+ in Expert mode displays the

TACACS+ form where an administrators can configure a TACACS+ authentication server and

can also enable user authorization checking.

By checking the Enable Raccess Authorization checkbox, an additional level of security

checking is implemented. After each user is successfully authenticated through the standard

login procedure, the console server uses TACACS+ to determine whether or not each

user/group is authorized to access specific serial ports.

By default the Enable Raccess Authorization is disabled allowing all users full authorization.

When this feature is enabled by placing a check mark in the box, users/groups are denied

access unless they have the proper authorization, which must be set on the TACACS+

authentication server itself. To see the configuration procedures for a TACACS+ authentication

server, refer to the Cyclades ACS 5000 Command Reference Guide.

To configure an LDAP authentication server:

Perform the following procedure to configure an LDAP authentication server when the console

server or any of its ports are configured to use the LDAP authentication method or any of its

variations (LDAP, LDAP/Local, LDAPDownLocal or LDAPDownLocal/Radius).

Before starting this procedure, you will need the following information from the LDAP server

administrator:

• The distinguished name of the search base

• The LDAP domain name

• Whether to use secure LDAP

• The authentication server’s IP address

You can enter information in the LDAP User Name, LDAP Password and LDAP Login

Attribute fields, but an entry is not required:

Work with the LDAP server administrator to ensure that the following types of accounts are set

up on the LDAP server and that the administrators of the console server and the connected

devices know the passwords assigned to the accounts:

Chapter 8: Security Menu and Forms 95

previous next