Raritan Computer Home Security System 用户手册
161
In This Chapter
Authentication and Authorization (AA) Overview ..................................161
Distinguished Names for LDAP and AD................................................162
Specifying Modules for Authentication and Authorization .....................163
Establishing Order of External AA Servers ...........................................163
AD and CC-SG Overview ......................................................................164
Adding an AD Module to CC-SG...........................................................164
Editing an AD Module............................................................................168
Importing AD User Groups ....................................................................169
Synchronizing AD with CC-SG ..............................................................170
About LDAP and CC-SG .......................................................................173
Add an LDAP (Netscape) Module to CC-SG.........................................173
About TACACS+ and CC-SG................................................................177
Add a TACACS+ Module.......................................................................177
About RADIUS and CC-SG ...................................................................178
Add a RADIUS Module..........................................................................178
Distinguished Names for LDAP and AD................................................162
Specifying Modules for Authentication and Authorization .....................163
Establishing Order of External AA Servers ...........................................163
AD and CC-SG Overview ......................................................................164
Adding an AD Module to CC-SG...........................................................164
Editing an AD Module............................................................................168
Importing AD User Groups ....................................................................169
Synchronizing AD with CC-SG ..............................................................170
About LDAP and CC-SG .......................................................................173
Add an LDAP (Netscape) Module to CC-SG.........................................173
About TACACS+ and CC-SG................................................................177
Add a TACACS+ Module.......................................................................177
About RADIUS and CC-SG ...................................................................178
Add a RADIUS Module..........................................................................178
Authentication and Authorization (AA) Overview
Users of CC-SG can be locally authenticated and authorized on the CC-
SG or remotely authenticated using the following supported directory
servers:
SG or remotely authenticated using the following supported directory
servers:
•
Microsoft Active Directory (AD)
•
Netscape's Lightweight Directory Access Protocol (LDAP)
•
TACACS+
•
RADIUS
Any number of remote servers can be used for external authentication.
For example, you could configure three AD servers, two iPlanet (LDAP)
servers, and three RADIUS servers.
For example, you could configure three AD servers, two iPlanet (LDAP)
servers, and three RADIUS servers.
Only AD can be used for remote authorization of users.
LDAP implementations use LDAP v3.
Flow for Authentication
When remote authentication is enabled, authentication and authorization
follow these steps:
follow these steps:
1. The user logs into CC-SG with the appropriate username and
password.
2. CC-SG connects to the external server and sends the username and
password.
Chapter 12 Remote Authentication