Configuring Authentication Servers for Logins to the KVM
The administrator fills out the appropriate form to set up an authentication server for every authentication method to be used by the KVM. The available authentication methods are RADIUS, TACACS+, LDAP, Kerberos, SMB/NTLM, and NIS.
The following table lists the procedures that apply to each authentication method.
RADIUS, Local/RADIUS, RADIUS/Local, or RADIUS/DownLocal
TACACS+, Local/TACACS+, TACACS+/Local, or TACACS+/DownLocal
To Identify a Kerberos Authentication Server
Perform this procedure to identify the authentication server when the KVM is configured to use the Kerberos authentication method or any of its variations (Kerberos, Local/Kerberos, Kerberos/Local, or Kerberos/DownLocal).
Before starting this procedure, find out the following information from the Kerberos server’s administrator:
Also, work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the KVM and connected devices know the passwords assigned to the accounts:
If Kerberos authentication is specified for the KVM, accounts for all users who need to log in to the KVM to administer connected devices.
If Kerberos authentication is specified for KVM ports, accounts for users who need administrative access to connected devices.
1.
a.
The “Host Table” form appears.
b.
i.
The “New/Modify Host” dialog appears.
ii.
iii.
iv.
2.
Kerberos authentication depends on time synchronization. Time and date synchronization can be achieved by configuring both the KVM and the Kerberos server to use the same NTP server.
a.
b.
c.
Work with the authentication server’s administrator to synchronize the time and date between the KVM and the server.
3.
Set the timezone by going to Configuration > System > Time/Date in Expert mode, as per the following figure. The default is GMT.
4.
The Kerberos form displays as shown in the following figure.
Kerberos Server Authentication Form
5.
6.
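Step 2 of the Kerberos procedure above depends on the KVM and the Kerberos server agreeing on the time. As an added example (not from the original manual), the following Python measures a host's clock offset from an NTP server with an SNTP query and compares it with a tolerance. The 300-second limit is the common Kerberos default and an assumption here, as are the function names, the server name passed to `query_offset`, and the constructed sample reply.

```python
import socket
import struct
import time

NTP_UNIX_DELTA = 2208988800   # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
MAX_SKEW = 300.0              # assumption: common Kerberos default, not from the manual


def to_unix(seconds, fraction):
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to Unix time."""
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def clock_offset(reply, t1, t4):
    """Server clock minus local clock; t1/t4 are local send/receive times."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if reply[0] & 0x07 != 4 or reply[1] == 0:   # mode 4 = server, stratum 0 = unusable
        raise ValueError("not a usable server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", reply[32:48])
    t2, t3 = to_unix(rx_s, rx_f), to_unix(tx_s, tx_f)
    return ((t2 - t1) + (t3 - t4)) / 2


def query_offset(server, timeout=3.0):
    """Query `server` (a host name you supply) over UDP port 123."""
    request = b"\x23" + 47 * b"\x00"            # LI=0, VN=4, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)


def within_kerberos_tolerance(offset, max_skew=MAX_SKEW):
    return abs(offset) <= max_skew


def sample_reply(server_time):
    """Constructed reply from a stratum 2 server whose clock reads server_time."""
    secs = int(server_time) + NTP_UNIX_DELTA
    head = bytes([0x24, 2]) + 30 * b"\x00"      # LI=0, VN=4, Mode=4; stratum 2
    return head + struct.pack("!4I", secs, 0, secs, 0)
```

A positive offset means the server clock is ahead of the local one. Run `query_offset` from each machine against the shared NTP server to see how far each has drifted.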
To Identify an LDAP Authentication Server
Perform this procedure to identify the authentication server when the KVM or any of its ports is configured to use the LDAP authentication method or any of its variations (LDAP, Local/LDAP, LDAP/Local, or LDAP/DownLocal).
Before starting this procedure, find out the following information from the LDAP server’s administrator:
You can enter information in the following two fields, but an entry is not required:
Work with the LDAP server’s administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the KVM and connected devices know the passwords assigned to the accounts:
If LDAP authentication is specified for the KVM, accounts for all users who need to log in to the KVM to administer connected devices.
If LDAP authentication is specified for KVM ports, accounts for users who need administrative access to the connected devices.
1.
The “LDAP” form displays with “LDAP Server” and “LDAP Search Base” fields filled in from the current values in the /etc/ldap.conf file.
LDAP Server Authentication Form
2.
3.
If the LDAP authentication server uses a different distinguished name for the search base than the one displayed in the “LDAP” Base field, change the base definition.
The default distinguished name is “dc,” as in dc=value,dc=value. If the distinguished name on the LDAP server is “o,” then replace dc in the base field with o, as in o=value,o=value.
4.
For example, for the LDAP domain name cyclades.com, the correct entry is: dc=cyclades,dc=com.
5.
6.
7.
The changes are stored in /etc/ldap.conf on the KVM.
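An added example, not part of the original manual: a check that the search base stored in /etc/ldap.conf corresponds to the LDAP domain, following the dc=cyclades,dc=com rule and the "o" variant described in the steps above. It assumes the file uses `keyword value` lines with a `base` keyword (the nss_ldap/pam_ldap layout); the sample file contents and the function names are constructed.

```python
SAMPLE_CONF = """\
# constructed sample, not copied from a real KVM
host 192.0.2.10
base DC=cyclades, dc=com
"""


def parse_ldap_conf(text):
    """Map each 'keyword value' line to {keyword: value}, skipping # comments."""
    conf = {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            conf[fields[0].lower()] = fields[1] if len(fields) > 1 else ""
    return conf


def normalize_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs; no escaped commas."""
    pairs = []
    for part in dn.split(","):
        attr, sep, value = (s.strip().lower() for s in part.partition("="))
        if not (sep and attr and value):
            raise ValueError(f"malformed component in base: {part.strip()!r}")
        pairs.append((attr, value))
    return pairs


def domain_to_base(domain, attr="dc"):
    """cyclades.com -> dc=cyclades,dc=com (or o=... when attr is 'o')."""
    return ",".join(f"{attr}={label}" for label in domain.strip(".").split("."))


def check_search_base(conf_text, domain, attr="dc"):
    """Return findings about the 'base' entry; an empty list means it matches."""
    base = parse_ldap_conf(conf_text).get("base")
    if not base:
        return ["no 'base' entry in the file"]
    try:
        actual = normalize_dn(base)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    used = sorted({a for a, _ in actual})
    if used != [attr]:
        findings.append(f"base uses {used}, expected attribute '{attr}'")
    if [v for _, v in actual] != domain.lower().strip(".").split("."):
        findings.append(f"base {base!r} does not correspond to {domain!r}")
    return findings
```

Pass `attr="o"` when the LDAP server's administrator reports that the directory uses "o" rather than "dc" in its base.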
To Configure a SMB(NTLM) Authentication Server
Perform the following to identify the authentication server if any of the ports is configured to use the NTLM (Windows NT/2000/2003 Domain) authentication method or NTLM/DownLocal.
1.
The SMB(NTLM) form displays as shown in the following figure.
SMB(NTLM) Server Configuration Form
2.
Fill in the form according to your configuration of the SMB server.
3.
4.
To Configure an NIS Authentication Server
Perform this procedure to identify the authentication server when the KVM or any of its ports is configured to use the NIS authentication method or any of its variations (Local/NIS, NIS/Local, or NIS/DownLocal).
1.
The NIS form displays as shown in the following figure.
NIS Server Authentication Form
2.
Fill in the form according to your configuration of the NIS server.
3.
4.
To Identify a RADIUS Authentication Server
Perform this procedure to identify the authentication server when the KVM or any of its ports is configured to use the RADIUS authentication method or any of its variations (Local/RADIUS, RADIUS/Local, or RADIUS/DownLocal).
1.
The RADIUS form displays as shown in the following figure.
Radius Server Authentication Form
2.
3.
4.
The changes are stored in /etc/raddb/server on the KVM.
To Identify a TACACS+ Authentication Server
Perform this procedure to identify the authentication server when the KVM or any of its ports is configured to use the TACACS+ authentication method or any of its variations (Local/TACACS+, TACACS+/Local, or TACACS+/DownLocal).
1.
The TACACS+ form appears.
Tacacs+ Server Authentication Form
2.
3.
To apply “Authorization” in addition to authentication to the box and ports, select the “Enable Raccess Authorization” check box.
By default, “Raccess Authorization” is disabled, and no additional authorization is implemented. When “Raccess Authorization” is enabled, the authorization level of users trying to access the KVM or its ports using TACACS+ authentication is checked. Users with administrator privileges have administrative access, and users with regular user privileges have regular user access.
4.
If the authentication server does not respond to the client’s login attempt before the specified time period, the login attempt is cancelled. The user may retry depending on the number specified in the “Retries” field on this form.
5.
To specify a number of times the user can request authentication verification from the server before sending an authentication failure message to the user, enter a number in the “Retries” field.
6.
7.
The changes are stored in /etc/tacplus.conf on the KVM.
