User Guide for Cisco Content Security Management Appliance M160

Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 12      Distributing Administrative Tasks
External User Authentication 
If you store user information in an LDAP or RADIUS directory on your network, you can configure your 
Cisco IronPort appliance to use the external directory to authenticate users who log in to the Security 
Management appliance. 
Note
Some features described in 
 are not available to 
externally-authenticated users. 
  • If your deployment uses both local and external authentication, local user names must not duplicate
    externally-authenticated user names.
  • If the appliance cannot communicate with the external directory, a user who has both an external
    and a local account can log in with a local user account on the appliance.
Configuring LDAP Authentication 
To configure LDAP authentication, see 
Enabling RADIUS Authentication
You can use a RADIUS directory to authenticate users and assign groups of users to Cisco IronPort roles. 
The RADIUS server should support the CLASS attribute, which AsyncOS uses to assign users in the 
RADIUS directory to Cisco IronPort user roles. 
Note
If an external user changes the user role for their RADIUS group, the user should log out of the appliance 
and then log back in. The user will have the permissions of their new role. 
Procedure 
Step 1  On the Management Appliance > System Administration > Users page, click Enable.
Step 2  Select the Enable External Authentication check box.
Step 3  Select RADIUS for the authentication type.
Step 4  Enter the host name for the RADIUS server.
Step 5  Enter the port number for the RADIUS server. The default port number is 1812.
Step 6  Enter the Shared Secret password for the RADIUS server.
Note    When enabling external authentication for a cluster of Cisco IronPort appliances, enter the same
        Shared Secret password on all appliances in the cluster.
Step 7  Enter the number of seconds that the appliance waits for a response from the server before timing out.
Step 8  Select whether to use Password Authentication Protocol (PAP) or Challenge Handshake Authentication
        Protocol (CHAP) for the authentication protocol.