Dell PowerConnect W Clearpass 100 Software External Authentication Servers Sof - Page 4

External Authentication Servers



4 | External Authentication Servers | Amigopod Technical Note

1 External Authentication Servers
About RADIUS Authentication Servers

Authentication is the verification of a user's credentials, typically a username and password.

Many networks have more than one place where user credentials are stored. Networks that have different types of user, geographically separate systems, or networks created by integrating different types of systems are all situations where user account information can be spread across several places.

However, network access equipment is often shared between all of these users. This requires that different authentication sources be integrated for use by the network infrastructure.

The Amigopod RADIUS server supports multiple external authentication servers, allowing user accounts from different places to be authenticated using a common industry-standard interface (RADIUS requests).

Types of authentication server

An authentication server may be one of four types:

• Local user database - User accounts defined in Amigopod Guest Manager
• Microsoft Active Directory - User accounts defined in a forest or domain and authenticated by the domain controller
• LDAP server (Lightweight Directory Access Protocol) - User accounts stored in a directory
• Proxy RADIUS server - User accounts authenticated by another RADIUS server

Authorization for external authentication servers

Authorization controls the type of access that an authenticated user is permitted to have.

In the context of a RADIUS request being processed by the server, there are two aspects to user authorization:

• Is the user allowed? Yes/no decisions can be made in the context of authorization. Examples: user account not enabled; user account expired; user account exceeded a traffic quota within a certain time window.
• What are the user's permitted limits? These are not yes/no decisions, but might involve a calculation based on previous usage (e.g. via the accounting-based authorization functions), or based on properties of a user account (e.g. the maximum session lifetime is based on the expiration time for the account).

Each type of authentication server has different methods for determining user authorization:

• No authorization - Authenticate only may be used to provide a basic user authentication service. The RADIUS server will respond with an Access-Accept or Access-Reject for the authentication attempt. Only RADIUS attributes directly related to user authentication will be returned; all other attributes will be ignored.
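The two authorization aspects described above (yes/no decisions such as disabled, expired or over-quota accounts, and computed limits such as a session lifetime capped at the account expiry) together with the authenticate-only mode, as an added example that is not Amigopod's own code; the account fields, accounting records, fixed clock and `authenticate_only` flag are constructed for illustration:

```python
from datetime import datetime, timedelta, timezone

# Fixed clock so the example is deterministic (constructed, not a real deployment).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GB = 1024 ** 3

# Constructed sample account: enabled, expires in 2 hours, 1 GB per 24-hour window.
ACCOUNT = {
    "username": "guest1",
    "enabled": True,
    "expires_at": NOW + timedelta(hours=2),
    "quota_bytes": 1 * GB,
    "quota_window": timedelta(hours=24),
}
# Constructed accounting records: one inside the quota window, one outside it.
ACCOUNTING = [
    {"stop": NOW - timedelta(hours=3), "octets": 300 * 1024 ** 2},
    {"stop": NOW - timedelta(days=2), "octets": 900 * 1024 ** 2},
]


def usage_in_window(accounting, now, window):
    """Accounting-based authorization input: octets used inside the quota window."""
    start = now - window
    return sum(r["octets"] for r in accounting if r["stop"] >= start)


def is_allowed(account, usage_bytes, now):
    """Yes/no authorization decisions listed in the note; returns (ok, reason)."""
    if not account["enabled"]:
        return False, "user account not enabled"
    if account["expires_at"] <= now:
        return False, "user account expired"
    if usage_bytes >= account["quota_bytes"]:
        return False, "traffic quota exceeded"
    return True, ""


def radius_reply(account, accounting, now, credentials_ok, authenticate_only=False):
    """Build (reply code, attributes) for an Access-Request that has been authenticated."""
    if not credentials_ok:
        return "Access-Reject", {}
    if authenticate_only:
        # 'No authorization' mode: Accept/Reject only; authorization attributes are not returned.
        return "Access-Accept", {}
    usage = usage_in_window(accounting, now, account["quota_window"])
    ok, reason = is_allowed(account, usage, now)
    if not ok:
        return "Access-Reject", {"Reply-Message": reason}
    # Permitted limit: session lifetime derived from the account expiration time.
    remaining = int((account["expires_at"] - now).total_seconds())
    return "Access-Accept", {"Session-Timeout": remaining}
```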