Stimmen - 3, Durchschnittliche Bewertung: 3.3
(
)
)
|
Anleitung Zusammenfassung
The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port 636 is usually used. c. To specify that Cisco Secure ACS should use LDAP version 3 to communicate with your LDAP database, select the LDAP Version check box. If the LDAP Version check box is not selected, Cisco Secure ACS uses LDAP version 2. d. The username and password credentials are normally passed over the network to the LDAP directory in clear text. To enhance security, select the Use secure authentication check box. e. In the Certificate Database Path box, type the path to the cert7.db file, which contains the certificates for the server to be queried and the trusted CA. f. The Admin DN box requires the fully qualified (DN) of the administrator; that is, the LDAP account which, if bound to, permits searches for all required users under the User Directory Subtree. In the Admin DN box, type the following information from your LDAP server: uid=user id,[ou=organizational unit,] [ou=next organizational unit]o=organization where user id is the username organizational unit is the last level of the tree next organizational unit is the next level up the tree. Note If you did not select the On Timeout Use Secondary check box, you do 13-48 User Guide for Cisco Secure ACS for Windows Server 78-16592-01 Chapter 13 User Databases Novell NDS Database For example: uid=joesmith,ou=members,ou=administrators,o=cisco Tip If you are using Netscape DS as your LDAP software, you can copy this information from the Netscape Console. For more information, refer to your LDAP database documentation. g. In the Password box, type the password for the administrator account specified in the Admin DN box. Password case sensitivity is determined by the server. Step 21 Click Submit. Cisco Secure ACS saves the generic LDAP configuration you created. You can now add it to your Unknown User Policy or assign specific user accounts to use this database for authentication. For more information about the Unknown User Policy, see About Unknown User Authentication, page 15-4. For more information about configuring user accounts to authenticate using this database, see Chapter 7, “User Management”. Novell NDS Database Cisco Secure ACS supports user authentication with Novell NetWare Directory Services (NDS) servers. This section contains the following topics: • About Novell NDS User Databases, page 13-50 • User Contexts, page 13-51 • Novell NDS External User Database Options, page 13-52 • Configuring a Novell NDS External User Database, page 13-53 78-16592-01 User Guide for Cisco Secure ACS for Windows Server 13-49 Chapter 13 User Databases Novell NDS Database About Novell NDS User Databases Cisco Secure ACS supports ASCII, PAP, and PEAP(EAP-GTC) authentication with Novell NetWare Directory Services (NDS) servers. To use NDS authentication, you must have a Novell NDS database. Other authentication protocols are not supported with Novell NDS external user databases. Note Authentication protocols not supported with Novell NDS external user databases may be supported by another type of external user database. For more information about authentication protocols and the external database types that support them, see Authentication Protocol-Database Compatibility, page 1-10. Cisco Secure ACS supports group mapping for unknown users by requesting group membership information from Novell NDS user databases. For more information about group mapping for users authenticated with a Novell NDS user database, see Group Mapping by Group Set Membership, page 16-4. Note Aside from user group membership information, Cisco Secure ACS retrieves no user settings from Novell NDS databases; however, Cisco Secure ACS enforces password restrictions, login restrictions, time restrictions, and account restrictions for each user. Cisco Secure ACS accomplishes this by interpreting authentication responses received from a Novell NDS database. Cisco Secure ACS does not enforce address restrictions. Configuring Cisco Secure ACS to authenticate against an NDS database does not affect the configuration of the NDS database. To manage your NDS database, refer to your NDS database documentation. Some versions of Novell NDS provide standard LDAP implementations. If your Novell NDS supports standard LDAP and you have implemented standard LDAP, you should configure a Cisco Secure ACS generic LDAP external user database to authenticate users defined in your Novell NDS. For more information about generic LDAP external user databases, see Generic LDAP, page 13-32. To authenticate users with a Novell NDS database, Cisco Secure ACS depends upon Novell Requestor. Novell Requestor must be installed on the same Windows server as Cisco Secure ACS. You can download the Requestor software from the Novell website. For more information, refer to your Novell and Microsoft documentati...