D-Link DFL-860E User Manual for DFL-260E - Page 394
Usernames may need the Domain, Real-time Monitoring Statistics, LDAP Authentication CLI Commands
View all D-Link DFL-860E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 394 highlights
8.2.4. External LDAP Servers Chapter 8. User Authentication • The server does not respond within the Timeout period specified for the server. If only one server is specified then authentication will be considered to have failed. If there are alternate servers defined for the user authentication rule then these are queried next. Usernames may need the Domain With certain LDAP servers, the domain name may need to be combined with the username when the user is prompted for a username/password combination. If the domain is mydomain.com then the username for myuser might need to be specified as [email protected]. With some LDAP servers this might be myuser@domain mydomain.com\myuser or even mydomain\myuser. The format depends entirely on the LDAP server and what it expects. Real-time Monitoring Statistics The following statistics are available for real-time monitoring of LDAP server access for user authentication: • Number of authentications per second. • Total number of authentication requests. • Total number of successful authentication requests. • Total number of failed authentication requests. • Total number of invalid usernames. • Total number of invalid password. LDAP Authentication CLI Commands The CLI objects that correspond to LDAP servers used for authentication are called LDAPDatabase objects (LDAP servers used for certificate lookup are known as LDAPServer objects in the CLI). A specific LDAP server that is defined in NetDefendOS for authentication can be shown with the command: gw-world:/> show LDAPDatabase The entire contents of the database can be displayed with the command: gw-world:/> show LDAPDatabase LDAP Authentication and PPP When using a PPP based client for PPTP or L2TP access, special consideration has to be taken if LDAP authentication is to succeed with CHAP, MS-CHAPv1 or MS-CHAPv2 encryption. The two cases of (A) normal PPP authentication and (B) PPP with encryption are examined next. A. Normal LDAP Authentication Normal LDAP authentication for Webauth, XAuth, or PPP with PAP security is illustrated in the diagram below. An authentication bind request with the username and password is sent to the LDAP 394