What are the remote authentication server parameters?
Purpose
This topic provides descriptions for parameters on LDAP, RADIUS and TACACS server configurations.
LDAP parameters
| Parameter | Description |
|---|---|
| Connection URL | Connection URL to LDAP server |
| Type | Authenticated or AD |
| Priority | Where multiple LDAP servers are configured, the priority determines the order in which LDAP servers are used for user validation. Lowest number is highest priority. |
| Timeout | Timeout interval for receiving response from server, in milliseconds |
| Bind DN | DN for the LDAP admin |
| Bind Credential | Password for LDAP admin |
| Username LDAP Attribute | Name of the LDAP attribute for user name |
| RDN LDAP Attribute | Name of LDAP attribute used as RDN of typical user DN |
| UUID LDAP Attribute | Name of LDAP attribute used as unique object identifier |
| User Object Classes | All values of object classes for users |
| Search Scope | User search is one level or subtree in LDAP server |
| User DN | Full DN of LDAP tree where your users are located |
| User Filter | Additional LDAP filter for filtering searched users |
| Groups LDAP Filter | Additional filter for group search |
| Group Name LDAP Attribute | Name of LDAP attribute used on group objects |
| Group DN | DN where groups are located in LDAP tree |
| Preserve Group Inheritance | Set to Disabled for flat user group structure |
| Group Membership Attribute Type | Set to DN or UID. DN specifies that group members are declared in their full distinguished name format. UID specifies that group members are declared in user ID format. If you set UID format, the Preserve Group Inheritance option is disabled. |
| Group Object Classes | Object classes for group records |
| Group Membership LDAP Attribute | Name of LDAP attribute on group used for membership mappings |
| Group Membership User LDAP Attribute | Name of LDAP attribute on the user used for membership mappings |
| Group MemberOf LDAP Attribute | Name of LDAP attribute on LDAP user which contains the groups |
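
The following added example (not product code) shows how Group Membership Attribute Type and Preserve Group Inheritance change which groups a user resolves to, which matters because group membership decides the roles a remote user receives. The function name, the sample entries and the attribute names `member`, `memberUid`, `uid` and `cn` are assumptions, as is the reading that inheritance makes a member of a nested group also a member of the enclosing group.

```python
def norm_dn(dn):
    """Comparison key for a DN: lower-case, no spaces around commas.
    Simplification: does not handle escaped commas inside RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def resolve_groups(user_dn, user_entry, groups, *, membership_attr, attr_type,
                   preserve_inheritance, username_attr="uid", group_name_attr="cn"):
    """Return the sorted group names a user resolves to under the given settings."""
    if attr_type == "UID":
        # Members are bare user IDs, so a group cannot list another group:
        # inheritance cannot be expressed and is treated as disabled.
        preserve_inheritance = False
        wanted, key = {user_entry[username_attr].lower()}, str.lower
    elif attr_type == "DN":
        wanted, key = {norm_dn(user_dn)}, norm_dn
    else:
        raise ValueError("attr_type must be 'DN' or 'UID'")
    found = {}
    while wanted:
        next_wanted = set()
        for dn, entry in groups.items():
            gdn = norm_dn(dn)
            if gdn in found:
                continue
            members = {key(m) for m in entry.get(membership_attr, [])}
            if members & wanted:
                found[gdn] = entry[group_name_attr]
                next_wanted.add(gdn)
        # Walk up to enclosing groups only when inheritance is preserved.
        wanted = next_wanted if preserve_inheritance else set()
    return sorted(found.values())

# Constructed sample entries (not taken from the page).
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
ALICE = {"uid": "alice"}
NOC = "cn=noc,ou=groups,dc=example,dc=com"
ADMINS = "cn=admins,ou=groups,dc=example,dc=com"
GROUPS_DN = {   # DN format: admins lists the noc group itself as a member
    NOC: {"cn": "noc", "member": ["UID=alice, ou=people,dc=example,dc=com"]},
    ADMINS: {"cn": "admins", "member": [NOC]},
}
GROUPS_UID = {  # UID format: members are user IDs only
    NOC: {"cn": "noc", "memberUid": ["alice"]},
    ADMINS: {"cn": "admins", "memberUid": ["bob"]},
}
```

With the DN sample data, enabling inheritance resolves alice to both `admins` and `noc`, while the flat setting resolves her to `noc` only.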
RADIUS parameters
| Parameter | Description |
|---|---|
| Address | IP address or hostname with port |
| RADIUS Shared Secret | Shared secret to connect with RADIUS server |
| Timeout | Timeout interval for receiving response from server, in milliseconds |
| Retry Count | Maximum number of attempts for connecting to RADIUS server |
| Protocol | PAP or CHAP |
| Vendor ID | Vendor ID in RADIUS, integer |
| Role VSA ID | Role ID in RADIUS, integer |
| NAS ID | Network access server ID (optional) |
| NAS IP | Network access server IPv4 address (optional) |
| NAS IP V6 | Network access server IPv6 address (optional) |
TACACS parameters
| Parameter | Description |
|---|---|
| Address | IP address or hostname with port |
| TACACS Shared Secret | Shared secret to connect with TACACS server |
| Timeout | Timeout for receiving response from server, in milliseconds |
| Protocol | PAP or CHAP |
| Enable VSA | A user group attribute is expected in authentication response from TACACS |
| Default group | Default user group for TACACS users (if Enable VSA = false) |
| Role VSA ID | Role used for VSA search (if Enable VSA = true) |
| VSA Service ID | VSA search service identifier (if Enable VSA = true) |