Home > Tripp Lite > Switch > Tripp Lite 0 Idades Manual

Tripp Lite 0 Idades Manual

Here you can view all the pages of manual Tripp Lite 0 Idades Manual. The Tripp Lite manuals for Switch are available online for free. You can easily download all the documents as PDF.

Page 151

151
Chapter 9: Authentication
Perform the following procedure to configure the LDAP authentication me\
thod to be used whenever the Console Server or any 
of its serial ports or hosts is accessed:
• Select Serial and Network: Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal  
• Enter the Server Address (IP or host name) of the remote Authentication server. Multiple remote servers may be 
specified in a comma-separated list. Each server is tried in successio\
n. 
• Enter the Server...

Page 152

152
Chapter 9: Authentication
9.1.5 RADIUS/TACACS user configuration 
Users may be added to the local Console Server appliance. If they are no\
t added and they log in via remote AAA, a user will 
be added for them. This user will not show up in the configurators unl\
ess they are specifically added, at which point they are 
transformed into a completely local user. The newly added user must authenticate via the remote AAA server, and will not have 
any access if it is down.
If a local user logs in, they...

Page 153

153
Chapter 9: Authentication
attribute, in the following format:
:group_name=testgroup1,users:
The above example sets the remote user as a member of testgroup1 and use\
rs if groups with those names exist on the 
Console Server. Any groups which do not exist on the Console Server are ignored.
When setting the Framed-Filter-Id, the system may also remove the leading colon for an empty field. \
 To work around this, add 
some dummy text to the start of the string.  For example:...

Page 154

154
Chapter 9: Authentication
9.1.8 Remote groups with LDAP authentication
Unlike RADIUS, LDAP has built in support for group provisioning, which m\
akes setting up remote groups easier. The console 
server will retrieve a list of all the remote groups that the user is a \
direct member of, and compare their names with local 
groups on the Console Server. 
Note: Any spaces in the group name will be converted to underscores.
For example, in an existing Active Directory setup, a group of users may \
be...

Page 155

155
• Ensure the LDAP service is operational and group names are correct withi\
n the Active Directory
Chapter 9: Authentication
9.1.9  Idle timeout
You can specify amount of time in minutes the console server waits before\
 it terminates an idle ssh, pmshell or web connection.  
 
• Select Serial and Network: Authentication
• Web Management Session Timeout specifies the browser console session id\
le timeout in minutes. The default setting is 
20 minutes
• CLI Management Session Timeout specifies the...

Page 156

156
Chapter 9: Authentication
9.1.10  Kerberos authentication 
The Kerberos authentication can be used with UNIX and Windows (Active Directory) Kerberos servers. This form of authentication 
does not provide group information, so a local user with the same userna\
me must be created, and permissions set.
Note: Kerberos is very sensitive to time differences between the Key Distrib\
ution Center (KDC) authentication server and the 
client device. Please make sure that NTP is enabled, and the time zone i\
s...

Page 157

157
Chapter 9: Authentication
TACACS Example:
user = tim {
   service = raccess {
        priv-lvl = 11
        port1 = xxxxx/port02
        port2 = 192.168.254.145/port05
   }
   global = cleartext mit
}
RADIUS Example:
paul    Cleartext-Password := "luap"
         Service-Type = Framed-User,
         Fall-Through = No,
         Framed-Filter-Id=":group_name=admin"
The list of groups may include any number of entries separated by a comm\
a. If the admin group is included, the user will...

Page 158

158
Chapter 9: Authentication
9.4 SSL Certificate 
The Console Server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a conne\
cted 
user. During the connection establishment the Console Server has to expose i\
ts identity to the user’s browser using a 
cryptographic certificate. The default certificate that comes with t\
he Console Server device upon delivery is for testing purpose 
only and should not be relied on for secured global access.
 
The System...

Page 159

159
Common name   This is the network name of the Console Server once it is installed in t\
he network (usually 
the fully   
qualified domain name). It is identical to the name that is used to a\
ccess the Console Server 
with a web browser (without the “http://” prefix). In case the\
 name given here and the actual 
network name differ, the browser will pop up a security warning when the Console Server is \
accessed using HTTPS
Organizational Unit  This field is used for specifying to which department...

Page 160

160
Chapter 10: Nagios Integration
Nagios is a powerful, highly extensible open source tool for monitoring \
network hosts and services. The core Nagios software 
package will typically be installed on a server or virtual server, the central Nagios server.
Tripp Lite Console Servers can operate in conjunction with a central/upst\
ream Nagios server to provide distributing monitoring 
of attached network hosts and serial devices. The Console Servers can em\
bed the NSCA (Nagios Service Checks Acceptor)...
Start reading Tripp Lite 0 Idades Manual

Related Manuals for Tripp Lite 0 Idades Manual

All Tripp Lite manuals