Configuring ldap authentication – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual

Brocade Mobility 5181 Access Point Product Reference Guide

169

53-1002516-01

Configuring user authentication

6

CAUTION

If you have imported a Server or CA certificate, the certificate will not be saved when updating the
access point’s firmware. Export your certificates before upgrading the access point’s firmware.
From the access point CLI, use the admin(system.cmgr)> expcert command to export the
certificate to a secure location.Use the Radius Client Authentication table to configure multiple
shared secrets based on the subnet or host attempting to authenticate with the Radius server.
Use the Add button to add entries to the list. Modify the following information as needed within
the table.

4. Click Apply to save any changes to the Radius Server screen. Navigating away from the screen

without clicking Apply results in all changes to the screen being lost.

5. Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the

settings displayed on the Radius Server screen to the last saved configuration.

6. Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout

before the applet is closed.

Configuring LDAP authentication

When the Radius Data Source is set to use an external LDAP server (see

“Configuring the Radius

server”

on page 167), the LDAP screen is used to configure the properties of the external LDAP

server.

To configure the LDAP server:

1. Select System Configuration -> User Authentication -> RADIUS Server -> LDAP from the menu

tree.

NOTE

For the onboard Radius server to work with Windows Active Directory or open LDAP as the
database, the user has to be present in a group within the organizational unit. The same group
must be present within the onboard Radius server’s database. The group configured within the
onboard Radius server is used for group policy configuration to support a new Time Based Rule
restriction feature.

Subnet/Host

Defines the IP address of the subnet or host that will be
authenticating with the Radius server. If a WLAN has been created
to support mesh networking, then enter the IP address of mesh
client bridge in order for the Client to authenticate with a base
bridge.

Netmask

Defines the netmask (subnet mask) of the subnet or host
authenticating with the Radius server.

Shared Secret

Click the Passwords button and set a shared secret used for each
host or subnet authenticating against the RADIUS server. The
shared secret can be up to 7 characters in length.