Tripp Lite B020-U08-19-IP Switch User Manual


  Open as PDF
of 59
 
45
7. Administration
(
continued
)
7.3.4 ANMS
TheAdvancedNetworkManagementSettings(ANMS)pageallowsyou
to set up login authorization management from an external source. From
thisscreen,administratorscansetupremotemanagementviaRADIUS
and/orLDAP/S,andsetuptheaccessportandMACaddressforthe
Windows-basedlogserver.
RADIUS Settings
ToallowauthorizationforaRADIUSserver,dothefollowing:
1. Check the Enable checkbox.
2. Fill in the Primary RADIUS Server IP and access Port, and the
Alternate RADIUS Server IP and access Port.
3. IntheTimeout (seconds)field,setthetimeinsecondsthattheKVM
waitsforareplyfromtheRADIUSserverbeforeittimesout.
4. In the Retriesfield,enterthenumberoftimesyouwanttheKVMto
tryandreconnectwiththeRADIUSserverbeforeitgivesup.
5. In the Shared Secret field, key in the character string that you want to
useforauthenticationbetweentheKVMandtheRADIUSServer.
6. OntheRADIUSserver,settheaccessrightsforeachuseraccording
to the information in the table:
Character Description
C Gives the corresponding account administrator privileges.
W Gives the corresponding account access to the KVM
switch via the Windows browser and non-browser
applications.
J Gives the corresponding account access to the KVM
switch via the Java browser and non-browser applications.
L Gives the corresponding account access to the log server
on the Web Management Interface.
V Gives the corresponding account view-only access to all
ports on the KVM switch.
RADIUSServeraccessrightsexamplesaregiveninthefollowingtable:
RADIUS Access
Rights
Description
C The corresponding account has administrator
access to the KVM.
W, J, L User can access the system via the Windows and
Java browser and non-browser applications, and
can access the log server on the Web Management
Interface.
Note: Characters are not case sensitive. Characters are comma delimited.
LDAP Authentication Settings
ToallowauthenticationandauthorizationviaLDAP/S,dothefollowing:
1. Check the Enable checkbox.
2. Select LDAP or LDAPS.
3. ChecktheEnable Authorization checkbox.
4. EntertheappropriateIPaddressandaccessportfortheLDAPor
LDAPSserverintheLDAP Server IP and Port fields. The default port
numberforLDAPis389,andis636forLDAPS.
5. In the Timeout (seconds)field,setthetimeinsecondsthattheKVM
waitsforanLDAPorLDAPSserverreplybeforeittimesout.
6. IntheLDAP Admin DNfield,setthe‘root’pointfortheLDAP
manager to bind to the server.
7. In the LDAP Admin Passwordfield,keyintheLDAPmanager’s
password. (This field is optional.)
8. IntheSearch DN field, set the distinguished name of the search base
(i.e. the domain name where the search starts for the user name).
9. IntheAdmin Groupfield,keyinthenameoftheLDAPmanager.
(This field is optional.)
10.OntheLDAPserver,settheaccessrightsforeachuser.(The
followingsectionsdescribehowtoconfigureLDAPforusewiththe
KVMswitch.)
LDAP/S Server Configuration
ToallowauthenticationandauthorizationviaLDAPorLDAPS,theactive
directory’sLDAPSchemamustbeextendedsothatanextendedattribute
namefortheKVM–permission – is added as an optional attribute to the
person class.
Note: Authentication refers to the identity verification of the person
logging into the KVM switch, whereas Authorization refers to the
assigning of device permissions.
InordertoconfiguretheLDAPserver,youwillhavetocompletethe
following procedures:
• InstalltheWindows2003SupportTools
• InstalltheActiveDirectorySchemaSnap-In
• ExtendandUpdatetheActiveDirectorySchema
Each of these procedures is described in the following sections:
Install the Windows 2003 Support Tools
1. OnyourWindowsserverCD,opentheSupport Tools folder.
2. In the right panel of the dialog box that comes up, double click
SupTools.msi.
3. FollowalongwiththeInstallationWizardtocompletetheprocedure.
Install the Active Directory Schema Snap-In
1. Open a Command prompt.
2. Keyinregsvr32 schmmgmt.dll to register schmmgmt.dll on your
computer.
3. OpentheStart menu. Click Run and key in mmc /a. Click OK.
4. In the File menu of the screen that appears, click Add/Remove Snap-
in, and then click Add.
5. Under Available Standalone Snap-ins, double click Active Directory
Schema, click Close and then click OK.
6. Onthescreenyouarein,opentheFile menu and click Save.
7. Whenpromptedwheretosave,specifytheC:\Windows\system32
directory.
8. Keyinthefilename schmmgmt.msc.
9. ClickSave to complete the procedure.
201009236 93-2985.indd 45 11/18/2010 4:21:49 PM
 previous next