Configuring an LDAP server configuration – Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


Brocade Mobility RFS Controller System Reference Guide

53-1003099-01


2. Enter the Proxy server retry delay time in the Proxy Retry Delay field. Enter a value from 5 - 10
seconds. This is the interval the RADIUS server waits before making an additional connection
attempt. The default delay interval is 5 seconds.

3. Enter the Proxy server retry count value in the Proxy Retry Count field. Set from 3 - 6 to define
the number of retries sent to the proxy server before giving up the request. The default retry
count is 3 attempts.

4. Select the + Add Row button to add a RADIUS server proxy realm name and network address.

To delete a proxy server entry, select the Delete icon on the right-hand side of the table entry.

5. Enter the realm name in the Realm Name field. The realm name cannot exceed 50 characters.

When the RADIUS server receives a request for a user name with a realm, the server
references a table of realms. If the realm is known, the server proxies the request to the
RADIUS server.

6. Enter the Proxy server IP address in the IP Address field. This is the address of the server that
checks the information in the user access request and either accepts or rejects the request on
behalf of the local RADIUS server.

7. Enter the TCP/IP port number for the server that acts as a data source for the proxy server in
the Port Number field. Use the spinner to select a value between 1024 - 65535. The default
port is 1812.

8. Enter the RADIUS client shared secret password in the Shared Secret field. This password is for
authenticating the RADIUS proxy.

Select the Show checkbox to expose the shared secret’s actual character string. Leaving
the option unselected displays the shared secret as a string of asterisks (*).

9. Click the OK button to save the changes. Click the Reset button to revert to the last saved
configuration.
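The realm lookup described in step 5, together with the value limits from steps 2 to 8, as an added Python example (not Brocade code and not the controller's implementation). The class names, the `user@realm` user name form, case-insensitive realm matching, and rejection of an empty secret are assumptions; the address and secret are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ProxyRealm:
    """One row of the proxy realm table (steps 4 to 8)."""
    realm: str
    ip: str
    secret: str = field(repr=False)   # kept out of repr()/logs, like the masked field
    port: int = 1812                  # documented default

    def __post_init__(self):
        if not 1 <= len(self.realm) <= 50:
            raise ValueError("realm name must be 1-50 characters")
        ipaddress.ip_address(self.ip)  # raises ValueError on a malformed address
        if not 1024 <= self.port <= 65535:
            raise ValueError("port must be 1024-65535")
        if not self.secret:
            raise ValueError("shared secret must not be empty")  # assumption


class ProxyTable:
    def __init__(self, rows, retry_delay=5, retry_count=3):
        if not 5 <= retry_delay <= 10:
            raise ValueError("retry delay must be 5-10 seconds")
        if not 3 <= retry_count <= 6:
            raise ValueError("retry count must be 3-6")
        self.retry_delay, self.retry_count = retry_delay, retry_count
        self._rows = {}
        for row in rows:
            key = row.realm.lower()    # assumption: realms compare case-insensitively
            if key in self._rows:
                raise ValueError(f"duplicate realm: {row.realm}")
            self._rows[key] = row

    def route(self, user_name):
        """Return the ProxyRealm to forward to, or None if no realm matches."""
        _, sep, realm = user_name.rpartition("@")  # assumption: user@realm form
        if not sep or not realm:
            return None                # no realm in the user name
        return self._rows.get(realm.lower())


# Constructed sample data: documentation-range address, placeholder secret.
TABLE = ProxyTable([ProxyRealm("corp.example", "192.0.2.10", "constructed-secret")])
```

`TABLE.route("alice@corp.example")` returns the matching row; a user name with no realm or an unlisted realm returns `None`, and what the controller does with such a request is not covered on this page.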

Configuring an LDAP Server Configuration

Administrators have the option of using RADIUS server resources to authenticate users against an
external LDAP server resource. Using an external LDAP user database allows the centralization of
user information and reduces administrative user management overhead, making the RADIUS
authorization process more secure and efficient.

RADIUS is not just a database. It’s a protocol for asking intelligent questions of a user database
(like LDAP). LDAP, however, is just a database of user credentials that can optionally be used with
the RADIUS server to free up resources and manage user credentials from a secure remote
location. Local RADIUS resources provide the tools to perform user authentication and authorize
users based on complex checks and logic. There’s no way to perform such complex authorization
checks from an LDAP user database alone.

To configure an LDAP server configuration for use with the RADIUS server:

1. Select the LDAP tab from the RADIUS Server screen.
