Tripp Lite 0 Idades Manual
Here you can view all the pages of manual Tripp Lite 0 Idades Manual. The Tripp Lite manuals for Switch are available online for free. You can easily download all the documents as PDF.
Page 151
Chapter 9: Authentication
Perform the following procedure to configure the LDAP authentication method to be used whenever the Console Server or any of its serial ports or hosts is accessed:
• Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal
• Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession.
• Enter the Server...
Page 152
9.1.5 RADIUS/TACACS user configuration
Users may be added to the local Console Server appliance. If they are not added and they log in via remote AAA, a user will be added for them. This user will not show up in the configurators unless they are specifically added, at which point they are transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have any access if it is down. If a local user logs in, they...
Page 153
attribute, in the following format:
    :group_name=testgroup1,users:
The above example sets the remote user as a member of testgroup1 and users if groups with those names exist on the Console Server. Any groups which do not exist on the Console Server are ignored. When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field. To work around this, add some dummy text to the start of the string. For example:...
Page 154
9.1.8 Remote groups with LDAP authentication
Unlike RADIUS, LDAP has built-in support for group provisioning, which makes setting up remote groups easier. The console server will retrieve a list of all the remote groups that the user is a direct member of, and compare their names with local groups on the Console Server.
Note: Any spaces in the group name will be converted to underscores.
For example, in an existing Active Directory setup, a group of users may be...
Page 155
• Ensure the LDAP service is operational and group names are correct within the Active Directory
9.1.9 Idle timeout
You can specify the amount of time in minutes the console server waits before it terminates an idle ssh, pmshell or web connection.
• Select Serial and Network: Authentication
• Web Management Session Timeout specifies the browser console session idle timeout in minutes. The default setting is 20 minutes.
• CLI Management Session Timeout specifies the...
Page 156
9.1.10 Kerberos authentication
The Kerberos authentication can be used with UNIX and Windows (Active Directory) Kerberos servers. This form of authentication does not provide group information, so a local user with the same username must be created, and permissions set.
Note: Kerberos is very sensitive to time differences between the Key Distribution Center (KDC) authentication server and the client device. Please make sure that NTP is enabled, and the time zone is...
Page 157
TACACS Example:
    user = tim {
        service = raccess {
            priv-lvl = 11
            port1 = xxxxx/port02
            port2 = 192.168.254.145/port05
        }
        global = cleartext mit
    }
RADIUS Example:
    paul Cleartext-Password := "luap"
        Service-Type = Framed-User,
        Fall-Through = No,
        Framed-Filter-Id=":group_name=admin"
The list of groups may include any number of entries separated by a comma. If the admin group is included, the user will...
Page 158
9.4 SSL Certificate
The Console Server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a connected user. During the connection establishment the Console Server has to expose its identity to the user’s browser using a cryptographic certificate. The default certificate that comes with the Console Server device upon delivery is for testing purpose only and should not be relied on for secured global access. The System...
Page 159
Common name
This is the network name of the Console Server once it is installed in the network (usually the fully qualified domain name). It is identical to the name that is used to access the Console Server with a web browser (without the “http://” prefix). In case the name given here and the actual network name differ, the browser will pop up a security warning when the Console Server is accessed using HTTPS.
Organizational Unit
This field is used for specifying to which department...
Page 160
Chapter 10: Nagios Integration
Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Tripp Lite Console Servers can operate in conjunction with a central/upstream Nagios server to provide distributed monitoring of attached network hosts and serial devices. The Console Servers can embed the NSCA (Nagios Service Checks Acceptor)...