Cisco Content Security Management Appliance M160 User Guide
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 12 Distributing Administrative Tasks
External User Authentication
If you store user information in an LDAP or RADIUS directory on your network, you can configure your
Cisco IronPort appliance to use the external directory to authenticate users who log in to the Security
Management appliance.
Note
• Some features described in are not available to externally-authenticated users.
• If your deployment uses both local and external authentication, local user names must not duplicate
  externally-authenticated user names.
• If the appliance cannot communicate with the external directory, a user who has both an external
  and a local account can log in with a local user account on the appliance.
Configuring LDAP Authentication
To configure LDAP authentication, see
Enabling RADIUS Authentication
You can use a RADIUS directory to authenticate users and assign groups of users to Cisco IronPort roles.
The RADIUS server should support the CLASS attribute, which AsyncOS uses to assign users in the
RADIUS directory to Cisco IronPort user roles.
Note
If an external user changes the user role for their RADIUS group, the user should log out of the appliance
and then log back in. The user will have the permissions of their new role.
Procedure
Step 1 On the Management Appliance > System Administration > Users page, click Enable.
Step 2 Select the Enable External Authentication check box.
Step 3 Select RADIUS for the authentication type.
Step 4 Enter the host name for the RADIUS server.
Step 5 Enter the port number for the RADIUS server. The default port number is 1812.
Step 6 Enter the Shared Secret password for the RADIUS server.
Note
When enabling external authentication for a cluster of Cisco IronPort appliances, enter the same
Shared Secret password on all appliances in the cluster.
Step 7 Enter the number of seconds that the appliance waits for a response from the server before timing out.
Step 8 Select whether to use Password Authentication Protocol (PAP) or Challenge Handshake Authentication
Protocol (CHAP) for the authentication protocol.
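What the PAP or CHAP choice in Step 8 puts into a RADIUS Access-Request, as an added Python example (not part of the Cisco guide) that follows the User-Password and CHAP-Password encodings defined in RFC 2865. The secret, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_hide(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password (RFC 2865 5.2): XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("RFC 2865 limits the PAP password to 128 bytes")
    blocks = max(1, -(-len(password) // 16))          # at least one block, rounded up
    padded = password.ljust(16 * blocks, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def pap_recover(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: the same shared secret reverses the XOR and yields the cleartext."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return clear.rstrip(b"\x00")

def chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password (RFC 2865 5.3): ident byte + MD5(ident + password + challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()

def chap_verify(chap_attr: bytes, stored_password: bytes, challenge: bytes) -> bool:
    """Server side: recompute from the password it holds and compare in constant time."""
    if len(chap_attr) != 17:
        return False
    expected = chap_password(chap_attr[0], stored_password, challenge)
    return hmac.compare_digest(expected, chap_attr)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"       # stands in for the Step 6 value
    password = b"constructed-user-password"     # constructed sample, 25 bytes = 2 blocks
    auth = os.urandom(16)                       # Request Authenticator, new per request
    hidden = pap_hide(password, secret, auth)
    print("PAP attribute :", hidden.hex())
    print("PAP at server :", pap_recover(hidden, secret, auth))
    chap = chap_password(1, password, auth)     # challenge = Request Authenticator here
    print("CHAP attribute:", chap.hex())
    print("CHAP verifies :", chap_verify(chap, password, auth))
```

With PAP the RADIUS server recovers the cleartext password, so its protection in transit rests on the Shared Secret from Step 6; with CHAP the password itself is not sent, but the server must hold it in a form it can feed into the MD5 computation.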