How do I configure NFM-P remote user authentication?

Steps
Assign default external user group
 

Using an account with an assigned Security scope of command role, choose Administration→Security→NFM-P User Security from the NFM-P main menu. The NFM-P User Security - Security Management (Edit) form opens.


Select a user group in the Default External User Group panel.

Note: Do not select a user group that has the Apply Local Authentication Only parameter enabled; otherwise, remote login attempts fail.


Save your changes and close the form.


Configure remote servers
 

Using an account with an assigned Security scope of command role, choose Administration→Security→NFM-P Remote User Authentication from the NFM-P main menu. The Remote Authentication Manager (Edit) form opens.


Configure the parameters.


Configure one or more RADIUS authentication servers, as required.

  1. Click on the RADIUS tab and click Create. The SAM RADIUS Authentication Server (Create) form opens.

  2. Configure the required parameters.

  3. Save your changes.


Configure one or more TACACS+ authentication servers, as required.

  1. Click on the TACACS tab and click Create. The SAM TACACS+ Authentication Server (Create) form opens.

  2. Configure the required parameters.

  3. Save your changes.


Configure one or more LDAP authentication servers, as required.

  1. Click on the LDAP tab and click Create. The LDAP Authentication Server (Create) form opens.

  2. Configure the general parameters.

    Note: The ID value that you specify defines the server priority. For example, if multiple servers are specified, the NFM-P attempts user authentication using the server that has the lowest ID value first. If the server is unavailable, the NFM-P attempts to connect to the other specified servers, in sequence, by ID.

  3. Configure the parameters in the Lookup Credentials panel, if the LDAP server does not allow anonymous lookups.

    The Bind DN parameter specifies the LDAP attribute set that identifies a user who is authorized to perform LDAP lookups; the Bind DN password is the password of that user.

  4. Configure the parameters in the User Lookup Settings panel.

    The Base DN parameter specifies the LDAP context for username and password lookup; for example, ou=People,dc=MyCompany,dc=org.

    The Base Filter parameter specifies a filter for the username query. The parameter format is the following:

    (attribute={USERNAME})

    where

    attribute is the LDAP attribute that contains the username

    The NFM-P replaces {USERNAME} with the username provided during a login attempt; for example, (cn={USERNAME}) maps the “cn” LDAP attribute to the username.

  5. If the LDAP server has user role information and is to provide the name of a user group, configure the parameters in the Group Lookup Settings panel.

    Note: The user group name that an LDAP server provides must match the name of a valid NFM-P user group; otherwise, an authenticated user is assigned to the default external user group.

    The Group DN parameter specifies the LDAP context for group lookup; for example:

    ou=Roles,dc=MyCompany,dc=org

    The Group Filter parameter format is one of the following:

    • simple; the NFM-P replaces {1} with the DN of the user LDAP record

      (attribute={1})

    where attribute is the LDAP attribute that contains the DN

    • compound; the NFM-P replaces {USERNAME} with the username provided during a login attempt

      (&(any_attribute=string)(user_attribute={USERNAME}))

    where

    any_attribute is an LDAP attribute

    string is the attribute value to match

    user_attribute is the LDAP attribute that contains the username

    The Attribute ID parameter specifies one of the following:

    • the LDAP attribute name that maps to an NFM-P group name

    • the DN of the query context, if the Attribute is DN? parameter is selected; the “name” attribute in the record maps to an NFM-P group name

  6. Save your changes.


Close the Remote Authentication Manager (Edit) form.

End of steps
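
The Base Filter and Group Filter templates described in the LDAP steps can be checked before they are entered in the form. The following is an added example, not NFM-P code: it validates a template and shows the filter string that results for a given login name or user DN. The function names, the group attribute names in the samples, and the RFC 4515 escaping of substituted values are assumptions; the procedure does not state how the NFM-P treats special characters in a username.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_PLACEHOLDER = re.compile(r"\{USERNAME\}|\{1\}")  # the two placeholders the page documents


def escape_value(value):
    """Escape a login name or DN for use as the value part of a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return the problems found in a Base Filter or Group Filter template."""
    problems = []
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter is not enclosed in parentheses")
    if not _PLACEHOLDER.search(template):
        problems.append("no {USERNAME} or {1} placeholder")
    if re.search(r"\{(?!USERNAME\}|1\})", template):
        problems.append("unknown placeholder")
    return problems


def expand(template, username="", user_dn=""):
    """Build the filter string that one login attempt would produce."""
    values = {"{USERNAME}": username, "{1}": user_dn}
    # Single pass, so text inside a substituted value is never re-expanded.
    return _PLACEHOLDER.sub(lambda m: escape_value(values[m.group()]), template)


if __name__ == "__main__":
    # Constructed samples: the group attribute names are assumptions.
    user_dn = "uid=jsmith,ou=People,dc=MyCompany,dc=org"
    for tmpl, kwargs in [
        ("(cn={USERNAME})", {"username": "j*smith (ops)"}),
        ("(member={1})", {"user_dn": user_dn}),
        ("(&(objectClass=posixGroup)(memberUid={USERNAME}))", {"username": "jsmith"}),
    ]:
        print(check_template(tmpl) or "ok", expand(tmpl, **kwargs))
```

Running the expanded filter against the Base DN or Group DN with an LDAP client confirms that it returns exactly one user record, or the expected group record, before the server entry is saved.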