The default authentication method for the console server is Local. You can either accept the default or select another authentication method from the Unit Authentication pull-down menu on the AuthType form.
For example, if LDAP authentication is used for logins to the console server and Kerberos for logins to serial ports, the console server needs network access to both an LDAP and a Kerberos authentication server. The administrator needs to perform setup on the console server for both types of authentication servers.
The administrator completes the appropriate form through Web Manager Expert - Security - Authentication to set up an authentication server for every authentication method to be used by the console server and its ports.
Perform the following procedure to configure a RADIUS authentication server when the console server or any of its ports are configured to use the RADIUS authentication method or any of its variations (Local/RADIUS, RADIUS/Local or RADIUS/DownLocal).
Group information retrieval from a RADIUS authentication server adds another layer of security in the form of network-based authorization. It retrieves the group information from the authentication server and performs an authorization through the console server.
Perform the following procedure to configure a TACACS+ authentication server when the console server or any of its ports are configured to use the TACACS+ authentication method or any of its variations (Local/TACACS+, TACACS+/Local or TACACS+/DownLocal).
By default, Raccess Authorization is disabled and no additional authorization is implemented. When Raccess Authorization is enabled, the authorization level of users trying to access the console server or its ports using TACACS+ authentication is checked. Users with administrator privileges have administrative access and users with regular user privileges have regular user access.
If the authentication server does not respond to the client’s login attempt within the specified time period, the login attempt is cancelled. The user may retry depending on the number specified in the Retries field on this form.
Using an authorization method in addition to authentication provides an extra level of system security. Selecting Security - Authentication - TACACS+ in Expert mode displays the TACACS+ form, where an administrator can configure a TACACS+ authentication server and can also enable user authorization checking.
By checking the Enable Raccess Authorization checkbox, an additional level of security checking is implemented. After each user is successfully authenticated through the standard login procedure, the console server uses TACACS+ to determine whether or not each user/group is authorized to access specific serial ports.
By default, Enable Raccess Authorization is disabled, allowing all users full authorization. When this feature is enabled by placing a check mark in the box, users/groups are denied access unless they have the proper authorization, which must be set on the TACACS+ authentication server itself. To see the configuration procedures for a TACACS+ authentication server, refer to the Cyclades ACS Advanced Console Server Command Reference Guide.
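The timeout, retry and Raccess Authorization behaviour described above, modelled as an added example (not Cyclades code and not part of the original guide). `StubTacacsServer`, `login` and all account data are hypothetical, and Retries is assumed to mean the number of further attempts allowed after a timed-out one.

```python
import hmac
from dataclasses import dataclass

class ServerTimeout(Exception):
    """No reply from the authentication server within the timeout."""

@dataclass
class StubTacacsServer:
    """Hypothetical stand-in for a TACACS+ server; all data is constructed."""
    passwords: dict                   # user -> password
    groups: dict                      # user -> set of group names
    port_grants: dict                 # user or group name -> set of serial ports
    unanswered: int = 0               # requests to drop, simulating an outage

    def authenticate(self, user, password):
        if self.unanswered > 0:
            self.unanswered -= 1
            raise ServerTimeout
        stored = self.passwords.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

    def ports_for(self, user):
        names = {user} | self.groups.get(user, set())
        return set().union(*(self.port_grants.get(n, set()) for n in names))

def login(server, user, password, port, raccess_enabled=False, retries=0):
    """Return 'granted', 'denied' or 'cancelled' for one serial-port login."""
    for _ in range(retries + 1):          # assumption: Retries = extra attempts
        try:
            authenticated = server.authenticate(user, password)
            break
        except ServerTimeout:
            continue                      # this attempt is cancelled
    else:
        return "cancelled"                # every attempt timed out
    if not authenticated:
        return "denied"
    if not raccess_enabled:
        return "granted"                  # default: no per-port check at all
    return "granted" if port in server.ports_for(user) else "denied"

# Constructed sample data: alice inherits port grants from a group, bob has none.
SERVER = StubTacacsServer(
    passwords={"alice": "a-pass", "bob": "b-pass"},
    groups={"alice": {"netops"}},
    port_grants={"netops": {"ttyS1", "ttyS2"}},
)
```

With the default setting, bob reaches any port once authenticated; with Raccess Authorization enabled he is denied because the server holds no grant for him or his groups.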
Perform the following procedure to configure an LDAP authentication server when the console server or any of its ports are configured to use the LDAP authentication method or any of its variations (LDAP, LDAP/Local or LDAPDownLocal).
Work with the LDAP server administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the console server and the connected devices know the passwords assigned to the accounts:
Group information retrieval from an LDAP authentication server adds another layer of security in the form of network-based authorization. It retrieves the group information from the authentication server and performs an authorization through the console server.
Perform the following procedure to configure a Kerberos authentication server when the console server or any of its ports are configured to use the Kerberos authentication method or any of its variations (Kerberos, Kerberos/Local or KerberosDownLocal).
Also, work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the console server and connected devices know the passwords assigned to the accounts:
Perform the following procedure to configure a NIS authentication server when the console server or any of its ports are configured to use the NIS authentication method or any of its variations (Local/NIS, NIS/Local or NISDownLocal).