Configuring an AAA Server

This section describes how to configure an AAA server.

Creating an AAA Server

At present the AAA servers supported include local server, Radius server, Active Directory server and LDAP server.

To create a local AAA server, take the following steps:

  1. Select Objects > AAA Server from the menu bar.
  2. In the AAA Server dialog, click New, and select Local Server from the drop-down list.
  3. In the Local Server Configuration dialog, type the name into the Server name box.
  4. To specify a role mapping rule for the server, select a rule from the Role mapping rule drop-down list. With a rule selected, the system assigns a role to each user authenticated by this server according to that rule.
  5. Click OK to save your settings.

To create a Radius server, take the following steps:

  1. Select Objects > AAA Server from the menu bar.
  2. In the AAA Server dialog, click New, and select Radius Server from the drop-down list.
  3. Configure basic information for the Radius server in the Basic section.
    • Server name: Specifies a name for the Radius server.
    • Server address: Specifies an IP address or domain name for the Radius server.
    • Port: Specifies a port number for the Radius server. The value range is 1024 to 65535. The default value is 1812.
    • Password: Specifies the shared secret for the Radius server. It must match the secret configured for this device on the Radius server; every authentication packet is protected with it, so use a long random value.
    • Confirm password: Enter the password again to confirm.
  4. If needed, configure optional information in the Optional section.
    • Role mapping rule: Specifies a role mapping rule for the AAA server. With a rule selected, the system assigns a role to each user authenticated by this server according to that rule.
    • Backup server 1: Specifies an IP address or domain name for backup server 1.
    • Backup server 2: Specifies an IP address or domain name for backup server 2.
    • Retries: Specifies how many times an authentication packet is resent to the server when no response arrives. The value range is 1 to 10. The default value is 3.
    • Timeout: Specifies how many seconds the system waits for a response to each packet before retrying. The value range is 1 to 30 seconds. The default value is 3.
  5. Click OK to save your settings.
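The Radius settings above (server address, port, shared secret, retries, timeout and backup servers) map directly onto what a Radius client does on the wire. The Python below is an added example, not code from this page or from the product: it builds an RFC 2865 Access-Request with PAP password hiding, checks the Response Authenticator on the reply, and walks the primary and backup servers with the dialog's retry and timeout semantics. The addresses, user name, password and secret are constructed demonstration values, and make_fake_server is an in-process stand-in for a real Radius server; pass udp_transport (the default) to talk to one.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def _attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def _xor_chain(data, secret, authenticator, reveal):
    """RFC 2865 section 5.2: every 16-byte block is XORed with MD5(secret + previous
    ciphertext block); the first block uses the Request Authenticator. One loop both hides
    (reveal=False) and recovers (reveal=True) the password."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        prev = data[i:i + 16] if reveal else block
    return out

def hide_password(password, secret, authenticator):
    raw = password.encode() or b"\x00"           # pad to a multiple of 16, at least one block
    return _xor_chain(raw + b"\x00" * (-len(raw) % 16), secret, authenticator, reveal=False)

def reveal_password(hidden, secret, authenticator):
    return _xor_chain(hidden, secret, authenticator, reveal=True).rstrip(b"\x00").decode(errors="replace")

def build_access_request(ident, username, password, secret, authenticator=None):
    """Access-Request carrying User-Name and a PAP User-Password; returns (packet, authenticator)."""
    authenticator = authenticator or os.urandom(16)
    attrs = _attr(ATTR_USER_NAME, username.encode())
    attrs += _attr(ATTR_USER_PASSWORD, hide_password(password, secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs, authenticator

def parse_attrs(body):
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

def verify_response(reply, request_authenticator, secret):
    """RFC 2865 section 3: Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret).
    Returns (code, ident), or None for a truncated, padded or forged reply."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return None
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return None
    return reply[0], reply[1]

def udp_transport(host, port, packet, timeout):
    """Real transport: one datagram out, one reply back, None on timeout or network error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            return sock.recv(4096)
        except (socket.timeout, OSError):
            return None

def authenticate(servers, secret, username, password, retries=3, timeout=3.0, transport=udp_transport):
    """Primary server first, then the backups, each tried `retries` times with `timeout`
    seconds per attempt (the dialog's defaults). A reply that fails the authenticator or
    identifier check is discarded, so a spoofed datagram cannot become an accept."""
    for host, port in servers:
        for attempt in range(retries):
            ident = attempt & 0xFF  # assumption: a real client keeps a rolling per-server identifier
            packet, auth = build_access_request(ident, username, password, secret)
            reply = transport(host, port, packet, timeout)
            verified = verify_response(reply, auth, secret) if reply else None
            if verified is None or verified[1] != ident:
                continue
            return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(verified[0], "unknown")
    return "unreachable"

def make_fake_server(secret, users, dead_hosts=()):
    """Constructed in-process Radius server, plugged in as the transport for offline runs."""
    def transport(host, port, packet, timeout):
        if host in dead_hosts:
            return None
        ident, length = packet[1], struct.unpack("!H", packet[2:4])[0]
        attrs = parse_attrs(packet[20:length])
        password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, packet[4:20])
        code = ACCESS_ACCEPT if users.get(attrs[ATTR_USER_NAME].decode()) == password else ACCESS_REJECT
        header = struct.pack("!BBH", code, ident, 20)
        return header + hashlib.md5(header + packet[4:20] + secret).digest()
    return transport
```

Run it with, for instance, authenticate([("192.0.2.10", 1812), ("192.0.2.11", 1812)], b"s3cret", "alice", "pa55w0rd", transport=make_fake_server(b"s3cret", {"alice": "pa55w0rd"}, dead_hosts=("192.0.2.10",))), which times out on the primary and is accepted by the backup. The shared secret is all that hides the password and authenticates replies, and the MD5 construction gives no forward secrecy, so the secret must be long and random and the Radius traffic should stay on a trusted management path. A reply with a wrong authenticator is treated exactly like a lost datagram; only a genuine reject ends the attempt early.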

To create an Active Directory server, take the following steps:

  1. Select Objects > AAA Server from the menu bar.
  2. In the AAA Server dialog, click New, and select AD Server from the drop-down list.
  3. Configure basic information for the AD server in the Basic section.
    • Server name: Specifies a name for the AD server.
    • Server address: Specifies an IP address or domain name for the AD server.
    • Port: Specifies a port number for the AD server. The value range is 1 to 65535. The default value is 389.
    • Login-dn: Specifies the distinguished name of the account the system binds with to query the AD server (typically a user account with query privilege pre-defined on the AD server). Give this account read access only; it is not used to log users in.
    • Base-dn: Specifies a Base-dn for the AD server. Base-dn is the starting point at which the search begins when the AD server receives an authentication request.
    • Password: Specifies the password of the Login-dn account.
    • Confirm password: Enter the password again to confirm.
  4. If needed, configure optional information in the Optional section.
    • Role mapping rule: Specifies a role mapping rule for the AAA server. With a rule selected, the system assigns a role to each user authenticated by this server according to that rule.
    • Backup server 1: Specifies an IP address or domain name for backup server 1.
    • Backup server 2: Specifies an IP address or domain name for backup server 2.
    • Authentication mode: Specifies an authentication mode (either plain text or MD5). The default mode is MD5. In plain text mode the credentials are sent to the server unprotected on the wire, so keep the default unless the server cannot use MD5.
    • Security agent: Select the Enable check box to enable Security agent. With this function enabled, the system obtains the mappings between domain users' usernames and their IP addresses from the AD server, so that domain users can gain access to network resources; in this way Single Sign On is implemented. The system also uses the obtained mappings for other user-based functions, such as security statistics, logging and behavior auditing. To enable Security agent on the AD server, you must first install and run Security Agent on that server. Thereafter, whenever a domain user logs in or logs off, Security Agent records the user's username, IP address, current time and other information, and adds the mapping between username and IP address to the system, so the system knows every online user's IP address.
      Agent port - Specifies an agent port. The value range is 1025 to 65535. The default port is 6666.
      Login info timeout - Specifies a login info timeout. The value range is 0 to 1800 seconds. The default value is 300. The value of 0 indicates never timeout.
  5. Click OK to save your settings.

To create an LDAP server, take the following steps:

  1. Select Objects > AAA Server from the menu bar.
  2. In the AAA Server dialog, click New, and select LDAP Server from the drop-down list.
  3. Configure basic information for the LDAP server in the Basic section.
    • Server name: Specifies a name for the LDAP server.
    • Server address: Specifies an IP address or domain name for the LDAP server.
    • Port: Specifies a port number for the LDAP server. The value range is 1 to 65535. The default value is 389.
    • Login-dn: Specifies the distinguished name of the account the system binds with to query the LDAP server (typically a user account with query privilege pre-defined on the LDAP server). Give this account read access only; it is not used to log users in.
    • Base-dn: Specifies a Base-dn for the LDAP server. Base-dn is the starting point at which the search begins when the LDAP server receives an authentication request.
    • Password: Specifies the password of the Login-dn account.
    • Confirm password: Enter the password again to confirm.
  4. If needed, configure optional information in the Optional section.
    • Role mapping rule: Specifies a role mapping rule for the AAA server. With a rule selected, the system assigns a role to each user authenticated by this server according to that rule.
    • Backup server 1: Specifies an IP address or domain name for backup server 1.
    • Backup server 2: Specifies an IP address or domain name for backup server 2.
    • Authentication mode: Specifies an authentication mode (either plain text or MD5). The default mode is MD5. In plain text mode the credentials are sent to the server unprotected on the wire, so keep the default unless the server cannot use MD5.
    • Naming attribute: Specifies a naming attribute for the LDAP server. The default naming attribute is uid.
    • Member attribute: Specifies a member attribute for the LDAP server. The default member attribute is uniqueMember.
    • Group class: Specifies a group class for the LDAP server. The default class is groupofuniquenames.
  5. Click OK to save your settings.
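Login-dn, Base-dn, naming attribute, member attribute and group class together describe a two-step lookup: bind with the Login-dn account, search below Base-dn for the single entry whose naming attribute equals the login name, bind as that entry with the user's own password, then find the groups of the configured class that list the user's DN in the member attribute. The Python below is an added example, not code from this page or from the product. It builds the two search filters with RFC 4515 escaping so that a crafted login name cannot change the filter, and runs the sequence against a constructed in-memory directory; Directory, SAMPLE_DIRECTORY and the DNs and passwords in LDAP_CFG are demonstration values, not a real LDAP client or a real tree.

```python
import re

# Defaults from the LDAP Server dialog; the bind account and tree are constructed for the demo.
LDAP_CFG = {
    "login_dn": "cn=firewall-bind,ou=service,dc=example,dc=com",
    "login_password": "bind-secret",
    "base_dn": "dc=example,dc=com",
    "naming_attribute": "uid",
    "member_attribute": "uniqueMember",
    "group_class": "groupOfUniqueNames",
}

def escape_filter_value(value):
    """RFC 4515 section 3: the characters that carry meaning inside a filter become \\xx, so a
    login name such as 'jdoe)(uid=*' cannot change the structure of the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def user_search_filter(naming_attribute, login_name):
    return "(%s=%s)" % (naming_attribute, escape_filter_value(login_name))

def group_search_filter(group_class, member_attribute, user_dn):
    return "(&(objectClass=%s)(%s=%s))" % (group_class, member_attribute, escape_filter_value(user_dn))

def _terms(flt):
    """Split the equality/AND subset of filter syntax used above into (attribute, raw value)."""
    inner = flt[2:-1] if flt.startswith("(&") else flt
    for part in inner.strip("()").split(")("):
        attr, _, raw = part.partition("=")
        yield attr.lower(), raw  # raw keeps the escapes; a bare '*' is the presence wildcard

def _match(attrs, attr, raw):
    values = [v.lower() for v in attrs.get(attr, [])]
    return bool(values) if raw == "*" else unescape_filter_value(raw).lower() in values

class Directory:
    """Constructed in-memory stand-in for the LDAP server (equality/AND search, simple bind).
    It is not an LDAP client; a real deployment talks to the server over LDAP or LDAPS."""
    def __init__(self, entries):
        self.entries = {dn: {k.lower(): v for k, v in attrs.items()} for dn, attrs in entries.items()}

    def bind(self, dn, password):
        # An empty password is an anonymous bind that many servers accept (RFC 4513 section
        # 5.1.2); refusing it here keeps a blank login from turning into an accept.
        if not password:
            return False
        entry = self.entries.get(dn)
        return entry is not None and password in entry.get("userpassword", [])

    def search(self, base, flt):
        return [dn for dn, attrs in self.entries.items()
                if dn.lower().endswith(base.lower())
                and all(_match(attrs, attr, raw) for attr, raw in _terms(flt))]

def authenticate(directory, cfg, login_name, password):
    """Bind with Login-dn, find exactly one user below Base-dn, bind as that user, list groups."""
    if not directory.bind(cfg["login_dn"], cfg["login_password"]):
        return "service-bind-failed", []
    matches = directory.search(cfg["base_dn"], user_search_filter(cfg["naming_attribute"], login_name))
    if len(matches) != 1:
        return ("user-not-found" if not matches else "ambiguous-user"), []
    if not directory.bind(matches[0], password):
        return "reject", []
    groups = directory.search(cfg["base_dn"],
                              group_search_filter(cfg["group_class"], cfg["member_attribute"], matches[0]))
    return "accept", groups

# Constructed sample directory: a bind account, two users and one group.
SAMPLE_DIRECTORY = Directory({
    "cn=firewall-bind,ou=service,dc=example,dc=com": {"userPassword": ["bind-secret"]},
    "uid=jdoe,ou=people,dc=example,dc=com": {"uid": ["jdoe"], "userPassword": ["hunter2"]},
    "uid=asmith,ou=people,dc=example,dc=com": {"uid": ["asmith"], "userPassword": ["Tr0ub4dor"]},
    "cn=vpn-admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=jdoe,ou=people,dc=example,dc=com"]},
})
```

authenticate(SAMPLE_DIRECTORY, LDAP_CFG, "jdoe", "hunter2") returns ("accept", ["cn=vpn-admins,ou=groups,dc=example,dc=com"]), while a login name of "*" is escaped to "\2a" and matches nobody; the same unescaped name would match every entry with a uid. Two checks matter in practice beyond escaping: the user search must return exactly one entry, and an empty password must be refused before it reaches the server, because an LDAP bind with an empty password is an anonymous bind that many servers accept (RFC 4513 section 5.1.2).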

Editing an AAA Server

To edit an AAA server, take the following steps:

  1. Select Objects > AAA Server from the menu bar.
  2. In the AAA Server dialog, select the AAA server you want to edit from the server list, and click Edit. In the Local/Radius/Active Directory/LDAP Server Configuration dialog, modify the settings as needed.
  3. Click OK to save your changes.

Deleting an AAA Server

To delete an AAA server, take the following steps:

  1. Select Objects > AAA Server from the menu bar.
  2. In the AAA Server dialog, select the AAA server you want to delete from the server list, and click Delete.

Note: The server named local is the default AAA server and cannot be deleted.