CHAPTER 4: ADMINISTRATIVE FUNCTIONS
39
5. Click [OK] to save User properties or [Cancel] to close the window without saving.
Delete Users
To delete an existing user, select the user that you wish to delete, right-click on the user icon, and select
Delete User.
Remote Authentication
Introduction
Note to CommandCenter Users
If you plan to configure Dominion KX to be integrated with and controlled by Raritan’s CommandCenter
management appliance, this section of the User Manual does not apply to you
. When a Dominion KX unit
is controlled by CommandCenter, CommandCenter determines the allowed users and groups. Please refer
to your CommandCenter User Guide.
Note to Raritan Customers Upgrading from Previous Firmware Versions
If you have previously implemented RADIUS authentication on Raritan products such as Dominion KSX
and IP-Reach running legacy firmware versions earlier than v3.2, read this entire section carefully
.
Beginning with firmware version v3.2 and above, the implementation of external authentication has
changed significantly to provide more flexible and powerful configurations.
Supported Protocols
In order to simplify management of usernames and passwords, Dominion KX provides the capability to
forward authentication requests to an external authentication server. Dominion KX supports two external
authentication protocols: LDAP and RADIUS.
Note on Microsoft Active Directory
Microsoft Active Directory uses the LDAP protocol natively, and can function as an LDAP server and
authentication source for Dominion KX. If it has the IAS (Internet Authorization Server) component, a
Microsoft Active Directory server can also serve as a RADIUS authentication source.
Remote Authentication Implementation
Priority
When a user tries to authenticate to a Dominion KX unit that is configured for external authentication,
Dominion KX first checks its own internal user database for that username. If the username is not found in
the Dominion KX internal database, the request is forwarded to the external authentication server.
• If Username is not found in Dominion KX internal database: Request is forwarded to external
authentication server to determine whether the login is allowed or denied.
• If Username is found in Dominion KX internal database and Password is correct: Login is
allowed.
• If Username is not found in Dominion KX internal database and Password is incorrect: Login is
denied; the request does NOT get forwarded to the external authentication server.