Ldap, Radius – Panasonic NN46110-600 User Manual

16 Chapter 1 Authentication services

With user- and group-specific profiles, you can group common attributes while

preserving the flexibility to make exceptions for individual users. The product

features and network access that apply to a user are controlled by the user identity,

rather than by the source IP address or another mechanism. This is necessary to

support mobile users and users coming from other organizations.

LDAP

The Lightweight Directory Access Protocol (LDAP) emerged from the X.500
directory service. LDAP is gaining acceptance as the directory model for the
Internet. Microsoft*, Netscape*, and Novell* all support LDAP in their directory

service strategies. LDAP is based on directory entries; it has an Internet person
schema that defines standard attributes and you can extend it to include other
attributes. A directory service is a central repository of user information; for

example, the VPN Router supports the following elements using LDAP:

•

groups

•

users

•

filters

•

services

RADIUS

Remote Authentication Dial-In User Services (RADIUS) is a distributed security

system that uses an authentication server to verify dial-up connection attributes
and authenticate connections. RADIUS is commonly used for remote access
authentication.

Many security systems are configured with a RADIUS front end to facilitate

remote access authentication. RADIUS is also the most common authentication

mechanism used by ISPs. Novell NDS*, Microsoft Windows NT* Domains, and

Security Dynamics ACE Server* all support RADIUS authentication. Windows

NT Domain authentication controls access to NT file servers and other resources
on NT networks. The RADIUS server provides a place to store user passwords,

because users generally remember their file server passwords.

NN46110-600