Age 128) for i – Raritan Computer DOMINION KSX II User Manual
Page 138
Chapter 7: User Management
128
4. From the KSX II, enable and configure your AD server properly. See
Implementing LDAP/LDAPS Remote Authentication.
Important Notes
Group Name is case sensitive.
The KSX II provides the following default groups that cannot be
changed or deleted: Admin and <Unknown>. Verify that your Active
Directory server does not use the same group names.
If the group information returned from the Active Directory server
does not match a KSX II group configuration, the KSX II
automatically assigns the group of <Unknown> to users who
authenticate successfully.
If you use a dialback number, you must enter the following
case-sensitive string: msRADIUSCallbackNumber.
Based on recommendations from Microsoft, Global Groups with user
accounts should be used, not Domain Local Groups.
Implementing RADIUS Remote Authentication
Remote Authentication Dial-in User Service (RADIUS) is an AAA
(authentication, authorization, and accounting) protocol for network
access applications.
To use the RADIUS authentication protocol:
1. Click User Management > Authentication Settings to open the
Authentication Settings page.
2. Click the RADIUS radio button to enable the RADIUS section of the
page.
3. Click the
icon to expand the RADIUS section of the
page.
4. In the Primary Radius Server and Secondary Radius Server fields,
type the IP address of your primary and optional secondary remote
authentication servers, respectively (up to 256 characters).
5. In the Shared Secret fields, type the server secret used for
authentication (up to 128 characters).
The shared secret is a character string that must be known by both
the KSX II and the RADIUS server to allow them to communicate
securely. It is essentially a password.
6. The Authentication Port default is port is 1812 but can be changed
as required.
7. The Accounting Port default port is 1813 but can be changed as
required.
8. The Timeout is recorded in seconds and default timeout is 1 second,
but can be changed as required.