Configuring Authentication Servers for Logins to the KVM/netPlus and Connected Devices

The administrator fills out the appropriate form to set up an authentication server for every authentication method to be used by the KVM/netPlus and by any of its ports. The available authentication methods are RADIUS, TACACS+, LDAP, Kerberos, SMB/NTLM, and NIS.
• RADIUS, Local/RADIUS, RADIUS/Local, or RADIUS/DownLocal
• TACACS+, Local/TACACS+, TACACS+/Local, or TACACS+/DownLocal
• LDAP, Local/LDAP, LDAP/Local, or LDAP/DownLocal
• Kerberos, Local/Kerberos, Kerberos/Local, or Kerberos/DownLocal
• NTLM (Windows NT/2000/2003 Domain), or NTLM/DownLocal
• NIS, Local/NIS, NIS/Local, or NIS/DownLocal

Perform this procedure to identify the authentication server when the KVM/netPlus or any of its ports is configured to use the Kerberos authentication method or any of its variations (Kerberos, Local/Kerberos, Kerberos/Local, or Kerberos/DownLocal).

Before starting this procedure, find out the following information from the Kerberos server’s administrator:

Also, work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the KVM/netPlus and connected devices know the passwords assigned to the accounts:
• If Kerberos authentication is specified for the KVM/netPlus, accounts for all users who need to log in to the KVM/netPlus to administer connected devices.
• If Kerberos authentication is specified for KVM ports, accounts for users who need administrative access to connected devices.

1. Make sure that entries for the KVM/netPlus and the Kerberos server exist in the KVM/netPlus’ /etc/hosts file.
b. Add an entry for KVM/netPlus if none exists and an entry for the Kerberos server.
i.
2. Make sure that timezone and time and date settings are synchronized on the KVM/netPlus and on the Kerberos server. Kerberos authentication depends on time synchronization. Time and date synchronization can be achieved by setting both to use the same NTP server.
b.
c. Work with the authentication server’s administrator to synchronize the time and date between the KVM/netPlus and the server.
3. Set the timezone by going to Configuration > System > Time/Date in Expert mode, as per the following figure. The default is GMT.

Perform this procedure to identify the authentication server when the KVM/netPlus or any of its ports is configured to use the LDAP authentication method or any of its variations (LDAP, Local/LDAP, LDAP/Local, or LDAP/DownLocal).

Before starting this procedure, find out the following information from the LDAP server’s administrator:

Work with the LDAP server’s administrator to ensure that the following types of accounts are set up on the LDAP server and that the administrators of the KVM/netPlus and connected devices know the passwords assigned to the accounts:
• If LDAP authentication is specified for the KVM/netPlus, accounts for all users who need to log in to the KVM/netPlus to administer connected devices.
• If LDAP authentication is specified for KVM ports, accounts for users who need administrative access to the connected devices.

The “LDAP” form displays with “LDAP Server” and “LDAP Search Base” fields filled in from the current values in the /etc/ldap.conf file.
3. If the LDAP authentication server uses a different distinguished name for the search base than the one displayed in the “LDAP” Base field, change the base definition. The default distinguished name is “dc,” as in dc=value,dc=value. If the distinguished name on the LDAP server is “o,” then replace dc in the base field with o, as in o=value,o=value. For example, for the LDAP domain name cyclades.com, the correct entry is: dc=cyclades,dc=com.
6. Enter optional information in “LDAP User Name”, “LDAP Password”, and “LDAP Login Attribute” fields. The changes are stored in /etc/ldap.conf on the KVM/netPlus.

Perform the following to identify the authentication server if any of the ports is configured to use the NTLM (Windows NT/2000/2003 Domain) authentication method or NTLM/DownLocal.

Perform this procedure to identify the authentication server when the KVM/netPlus or any of its ports is configured to use the NIS authentication method or any of its variations (Local/NIS, NIS/Local, or NIS/DownLocal).

Perform this procedure to identify the authentication server when the KVM/netPlus or any of its ports is configured to use the RADIUS authentication method or any of its variations (Local/RADIUS, RADIUS/Local, or RADIUS/DownLocal). The changes are stored in /etc/raddb/server on the KVM/netPlus.

Perform this procedure to identify the authentication server when the KVM/netPlus or any of its ports is configured to use the TACACS+ authentication method or any of its variations (Local/TACACS+, TACACS+/Local, or TACACS+/DownLocal).
3. To apply “Authorization” in addition to authentication to the box and ports, select the “Enable Raccess Authorization” check box. By default “Raccess Authorization” is disabled, and no additional authorization is implemented. When “Raccess Authorization” is enabled, the authorization level of users trying to access KVM/netPlus or its ports using TACACS+ authentication is checked. Users with administrator privileges have administrative access, and users with regular user privileges have regular user access.
4. To specify a timeout period in seconds for each authentication attempt, type a number in the “Timeout” field. If the authentication server does not respond to the client’s login attempt before the specified time period, the login attempt is cancelled. The user may retry depending on the number specified in the “Retries” field on this form.
5. To specify a number of times the user can request authentication verification from the server before sending an authentication failure message to the user, enter a number in the “Retries” field.
7. The changes are stored in /etc/tacplus.conf on the KVM/netPlus.
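
A pre-flight check for the two Kerberos prerequisites described earlier on this page (hosts-file entries for both machines, and synchronized clocks), as an added example that is not part of the original documentation. The host names, addresses, function names and the 300-second tolerance (a common Kerberos default) are assumptions; the Kerberos server's time is passed in as an epoch value obtained from its administrator.

```shell
#!/bin/sh
# Added example. Host names, addresses and the 300 s tolerance are assumptions.

# hosts_has_entry FILE NAME: succeed if NAME is a hostname or alias on an
# active (non-comment) line of a hosts-format file.
hosts_has_entry() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments first
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# clock_skew LOCAL_EPOCH REMOTE_EPOCH: print the absolute difference in seconds.
clock_skew() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    echo "$d"
}

# kerberos_preflight FILE KVM_NAME KDC_NAME LOCAL_EPOCH KDC_EPOCH [MAX_SKEW]
# Prints one line per check and returns the number of failed checks.
kerberos_preflight() {
    fails=0
    for h in "$2" "$3"; do
        if hosts_has_entry "$1" "$h"; then echo "ok: $h found in $1"
        else echo "FAIL: no active entry for $h in $1"; fails=$((fails + 1)); fi
    done
    skew=$(clock_skew "$4" "$5")
    if [ "$skew" -le "${6:-300}" ]; then echo "ok: clock skew ${skew}s"
    else echo "FAIL: clock skew ${skew}s exceeds ${6:-300}s"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: the Kerberos server line is commented out on purpose.
make_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1    localhost
192.0.2.10   kvm1.example.com kvm1    # KVM/netPlus (constructed)
# 192.0.2.20 kdc.example.com kdc      # disabled entry must not count
EOF
}

sample=$(mktemp)
make_sample_hosts "$sample"
# KDC entry missing and clocks 420 s apart: two failed checks expected.
kerberos_preflight "$sample" kvm1 kdc.example.com 1700000000 1700000420 ||
    echo "failed checks: $?"
rm -f "$sample"
```

On a real unit, pass /etc/hosts as the file and `$(date +%s)` as the local epoch.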