Dell PowerConnect W Clearpass 100 Software 3.9 Deployment Guide - Page 174
For example, to implement the following configuration:

    Members of the Domain Admins group should be mapped to RADIUS role ID 4
    Members of the Users group should be mapped to RADIUS role ID 5
    All other users should be rejected

Select the authorization method Use PHP code to assign a user role (Advanced) and use the following code:

    // Domain Admins members get RADIUS role ID 4
    if (in_array('CN=Domain Admins,CN=Users,DC=server,DC=local', $user['memberof'])) return 4;
    // Users members get RADIUS role ID 5
    if (in_array('CN=Users,CN=Builtin,DC=server,DC=local', $user['memberof'])) return 5;
    // No rule matched: reject the user
    return false;

Explanation: During user authorization, the 'memberOf' attribute of the user (which will contain a list of the groups to which the user belongs) is checked against the defined rules, and an appropriate role ID is returned. If no match is found, false is returned, which means that authorization fails and the user's AccessRequest will be rejected.

The in_array() comparison is done in a case-sensitive manner. Be sure to use the correct case as returned by the LDAP query for the group name. Also note that the complete distinguished name (DN) for the group must be specified, as this is the value checked for in the array of values returned for the 'memberOf' attribute.

The primary group of a user assigned in Active Directory cannot be checked in this way, as Active Directory does not return the primary group in the values of the 'memberOf' attribute. You can build logic that uses the $user['primarygroupid'] property instead to work around this issue.

Testing External Authentication Servers

The Test Authentication option for a server may be used to check the connection to an authentication server, or verify the authorization rules that have been configured.

To test an authentication server, click its Test Authentication link on the Edit Authentication Server form. The server's row expands to include the Test Authentication form.

1. In the Test Username and Test Password fields, enter the information for a user's credentials stored on the server.
2. (Optional) To view additional details (for example, authentication rules, or account status or permitted limits), mark the Show detailed authorization info check box in the Advanced row.
3. Click the Run Test button. A progress bar is shown during the test, and results are displayed below the Test Authentication form.

174 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide
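The primary-group workaround mentioned for the role-mapping code, as an added example that is not part of the Deployment Guide or the product's own code. It assumes $user['primarygroupid'] carries the group's numeric RID (512 is the well-known RID of Domain Admins) and that an attribute may arrive as a string or an array; assign_role() and the sample users are constructed. It goes beyond the guide by comparing DNs case-insensitively, which is how Active Directory itself treats them.

```php
<?php
// Added example, not from the Deployment Guide. assign_role() and the
// sample users below are constructed for illustration.

// Return the RADIUS role ID for a user, or false to reject the request.
function assign_role(array $user)
{
    // Assumption: an attribute may be a single string or an array of values.
    $groups  = isset($user['memberof']) ? (array) $user['memberof'] : array();
    $groups  = array_map('strtolower', $groups);
    $primary = isset($user['primarygroupid']) ? (array) $user['primarygroupid'] : array();
    $primaryRid = isset($primary[0]) ? (int) $primary[0] : null;

    $admins = strtolower('CN=Domain Admins,CN=Users,DC=server,DC=local');
    $users  = strtolower('CN=Users,CN=Builtin,DC=server,DC=local');

    // Domain Admins: listed in memberOf, or set as the primary group
    // (RID 512), in which case memberOf does not contain its DN.
    if (in_array($admins, $groups, true) || $primaryRid === 512) {
        return 4;
    }
    if (in_array($users, $groups, true)) {
        return 5;
    }
    return false; // no rule matched: authorization fails
}

// Constructed test users covering each branch.
$samples = array(
    'admin via memberOf'      => array('memberof' => array('CN=Domain Admins,CN=Users,DC=server,DC=local'),
                                       'primarygroupid' => '513'),
    'admin via primary group' => array('memberof' => array('CN=Users,CN=Builtin,DC=server,DC=local'),
                                       'primarygroupid' => '512'),
    'lower-case DN, 1 value'  => array('memberof' => 'cn=users,cn=builtin,dc=server,dc=local',
                                       'primarygroupid' => '513'),
    'no matching group'       => array('memberof' => array('CN=Guests,CN=Builtin,DC=server,DC=local'),
                                       'primarygroupid' => '514'),
    'no attributes returned'  => array(),
);

foreach ($samples as $label => $user) {
    printf("%-24s => %s\n", $label, var_export(assign_role($user), true));
}
```

The second sample is the case the plain memberOf check misses: without the primarygroupid test it would fall through to role 5 instead of role 4.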