Dell 6.2 Server User Manual


  Open as PDF
of 869
 
181 | AuthenticationServers DellPowerConnectW-SeriesArubaOS6.2 | User Guide
Using the CLI
(host)(config) #aaa server-group corp-serv
auth-server radius-1 match-authstring starts-with host/ position 1
auth-server radius-2 match-authstring contains abc.corpnet.com position 2
Configuring Match FQDN Option
You can also use the “match FQDN” option for a server match rule. With a match FQDN rule, the server is selected
if the <domain> portion of the user information in the formats <domain>\<user> or <user>@<domain>
exactly
matches a specified string. Note the following caveats when using a match FQDN rule:
l This rule does
not
support client information in the host/<pc-name>.<domain> format, so it is not useful for
802.1x machine authentication.
l The match FQDN option performs matches on only the <domain> portion of the user information sent in an
authentication request. The match-authstring option (described previously) allows you to match all or a portion
of the user information sent in an authentication request.
Using the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page
2. Under the Servers tab, select Server Group to display the Server Group list.
3. Enter corp-serv for the new server group and click Add.
4. Under the Servers tab, select corp-serv to configure the server group.
5. Under Servers, click New to add the radius-1 server to the group. Select radius-1 from the drop-down menu.
a. For Match Type, select FQDN.
b. For Match String, enter corpnet.com.
c. Click Add Rule >>.
d. Scroll to the right and click Add Server.
6. Click Apply.
Using the CLI
(host)(config) #aaa server-group corp-serv
auth-server radius-1 match-fqdn corpnet.com
Trimming Domain Information from Requests
Before the controller forwards an authentication request to a specified server, it can truncate the domain-specific
portion of the user information. This is useful when user entries on the authenticating server do not include domain
information. You can specify this option with any server match rule. This option is only applicable when the user
information is sent to the controller in the following formats:
l <domain>\<user> the <domain>\ portion is truncated
l <user>@<domain> — the @<domain> portion is truncated
NOTE: This option does not support client information sent in the format host/<pc-name>.<domain>
Using the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Server Group to display the Server Group list.
3. Enter the name of the new server group and click Add.
 previous next