Sentry Industries PT22 User's Manual

Setting the user search base Distinguished Name (DN) 
The Set LDAP UserBaseDN command is used to set the base DN for the login username search.  The 
search starts at this DN and includes all subtrees.  Maximum size is 100 characters. 
To set the user search base DN: 
At the Sentry: prompt, type set ldap userbasedn and press Enter.  At the following prompt, type the 
search base DN and press Enter. 
Example 
The following sets the DN user search base for MSAD to ‘cn=Users,dc=servertech,dc=com’: 
Sentry: set ldap userbasedn<Enter> 
Enter User Search Base DN (Max characters 100): 
cn=Users,dc=servertech,dc=com<Enter> 
Setting the user search filter 
The Set LDAP UserFilter command is used to set the search filter for the username entered at the login 
prompt. 
The search filter must be entered within parentheses and adhere to the following format: 
(searchfilter=%s) 
where ‘searchfilter’ is the name of the attribute in the user class which has a value that represents the 
user’s login name.  In this string, the ‘%s’ will be replaced by the entered username.  Maximum string 
length is 100 characters. 
To set the user search filter: 
At the Sentry: prompt, type set ldap userfilter and press Enter.  At the following prompt, type the 
User Search Filter and press Enter.
Example 
The following sets the user search filter for MSAD to ‘samaccountname’: 
Sentry:  set ldap userfilter<Enter> 
Enter User Search Filter (Max characters 100): 
(samaccountname=%s)<Enter> 
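The following is an added example, not code from Server Technology or from this manual: it checks a filter string against the documented (searchfilter=%s) form and 100-character limit, then shows what the filter looks like once a username replaces '%s'. The function names are hypothetical, and escaping the username per RFC 4515 is an assumption about how a client should build the filter; the manual does not describe how the Sentry firmware handles special characters.

```python
import re

MAX_LEN = 100  # maximum filter length stated in the manual

# Documented form: one attribute name, '=', and the %s placeholder, in parentheses.
_TEMPLATE = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=%s\)")

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a username so it is treated as a literal value in the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_filter_template(template):
    """Return a list of problems with the filter template; empty if it is valid."""
    problems = []
    if len(template) > MAX_LEN:
        problems.append("exceeds %d characters" % MAX_LEN)
    if not _TEMPLATE.fullmatch(template):
        problems.append("not of the form (attribute=%s)")
    return problems


def expand_filter(template, username):
    """Validate the template, then substitute the escaped username for %s."""
    problems = check_filter_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("%s", escape_filter_value(username))


if __name__ == "__main__":
    template = "(samaccountname=%s)"  # filter from the manual's example
    # Constructed sample usernames, two of them containing filter metacharacters.
    for name in ("jsmith", "j*", "smith (ops)"):
        print("%-12s -> %s" % (name, expand_filter(template, name)))
```

Running the expanded filter against the directory under the configured user search base DN, and confirming it returns exactly one entry, is a quick way to test the filter before changing the authentication order.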
Setting the authentication order 
The Set Authorder command sets the authentication order for remote authentication sessions.  The 
Sentry supports two methods for authentication order - Remote -> Local and Remote Only. 
The Remote -> Local method first attempts authentication with the Active Directory server and, if 
unsuccessful, with the local user database on the Sentry device. 
The Remote Only method attempts authentication only with the Active Directory server and if 
unsuccessful, access is denied.   
NOTE: With the Remote Only method, if authentication fails due to a communication failure with the Active Directory 
server, automatic authentication fallback will occur to authenticate with the local user database on the Sentry device.  
To set the authentication order: 
At the Sentry: prompt, type set authorder, followed by remotelocal or remoteonly and press Enter.
NOTE:  Server Technology recommends NOT setting the authentication order to Remote Only until the LDAP has been 
fully configured and tested.   
Sentry PT22 
Advanced Operations 
• 57 
Installation and Operations Manual