Home » Lantronix Manuals » Electronics Accessories » Lantronix EMG 8500 » Manual Viewer

Lantronix EMG 8500 EMG User Guide - Page 306

Bind with Login, User Login Attribute

Add to My Manuals
Save this manual to your list of manuals

Page 306 highlights

14: User Authentication 2. Enter the following: Enable LDAP Displays selected if you enabled this method on the first User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Server #1 (or Server #2) The IPv4 or IPv6 address or host name of the primary and secondary LDAP servers. The secondary LDAP server will be used for authentication in the event that the primary LDAP server cannot be reached. Port Number of the TCP port on the LDAP server to which the EMG talks. The default is 389. Base The name of the LDAP search base (e.g., dc=company, dc=com). May have up to 80 characters. Bind Name The name for a non-anonymous bind to an LDAP server. This item has the same format as LDAP Base. One example is cn=administrator,cn=Users,dc=domain,dc=com Bind Password / Retype Password Password for a non-anonymous bind. This entry is optional. Acceptable characters are a-z, A-Z, and 0-9. The maximum length is 127 characters. Bind with Login Select to bind with the login and password that a user is authenticating with. This requires that the Bind Name contain the $login token, which will be replaced with the current login. For example, if the Bind Name is uid=$login,ou=People,dc=lantronix,dc=com, and user roberts logs into the EMG, LDAP will bind with uid=roberts,ou=People,dc=lantronix,dc=com and the password entered by roberts. User Login Attribute The attribute used by the LDAP server for user logins. If nothing is specified for the user filter, the EMG unit will use "uid". For AD LDAP servers, the attribute for user logins is typically "sAMAccountName". Group Filter Objectclass The objectclass used by the LDAP server for groups. If nothing is specified for the group filter, the EMG will use "posixGroup". For AD LDAP servers, the objectclass for groups is typically "Group". Group Member Attribute The attribute used by the LDAP server for group membership. This attribute may be use to search for a name (ie, "msmith") or a Distinguished Name (ie, "uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as appropriate for the LDAP server. If nothing is specified for the group membership attribute, the EMG unit will use "memberUID" for name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership Value is typically DN, with the Group Membership Attribute of "member". Group Member Value The attribute used by the LDAP server for group membership. This attribute may be use to search for a name (ie, "msmith") or a Distinguished Name (ie, "uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as appropriate for the LDAP server. If nothing is specified for the group membership attribute, the EMG will use "memberUID" for name and "uniqueMember" for DN. For AD LDAP servers, the Group Membership Value is typically DN, with the Group Membership Attribute of "member". Use LDAP Schema Select the check box to obtain remote user attributes (group/permissions and port access) from an Active Directory server's scheme via the user attribute 'Secure LantronixPerms' (see details below). Disabled by default. Active Directory Support Select to enable. Active Directory is a directory service from Microsoft that is a part of Windows 2000 and later versions of Windows. It is LDAP- and Kerberoscompliant. Disabled by default. EMG™ Edge Management Gateway User Guide 306

Section	Page
EMG™ Edge Management Gateway User Guide	1
EMG 8500	1
EMG 7500	1
Intellectual Property	2
Warranty	2
Contacts	2
Open Source Software	2
Disclaimer & Revisions	3
Revision History	4
Table of Contents	5
List of Figures	16
List of Tables	20
1: About this Guide	21
Purpose and Audience	21
Summary of Chapters	21
Additional Documentation	22
2: Introduction	23
EMG 8500 Overview	23
EMG 7500 Overview	24
Key Features	24
Console Management	24
Performance Monitoring	25
Security	25
Power	25
Integration with Lantronix ConsoleFlow™	25
Applications	25
Protocol Support	26
Configuration Methods	26
Product Information Label	27
EMG 8500 Hardware Components	28
EMG 7500 Hardware Components	29
System Features	30
Access Control	30
Device Port Buffer	30
Console Port Interface	30
Device Port Interfaces	31
I/O Modules	32
Network Connections	32
Connectivity Modules	34
Front Panel LEDs	35
Digital IO Port	35
3: EMG 8500 Installation	37
EMG 8500 Package Contents	37
Order Information	38
User Supplied Items	38
Customize an EMG	38
Hardware Specifications	39
Physical Installation	40
Rack Mount Installation	41
Wall Mount Installation	42
Connecting to a Device Port	44
Modular Expansion for I/O Module Bays	45
Connecting to Network Ports	46
Modular Expansion for Connectivity Module Bays	46
Connecting Terminals	47
Power Input	48
I/O Module Installation	49
Connectivity Module Installation	50
Modem Installation	52
4: EMG 7500 Installation	53
EMG 7500 Package Contents	53
Order Information	53
User Supplied Items	53
Hardware Specifications	54
Physical Installation	55
Rack Mount Installation	56
Wall Mount Installation	57
Connecting to a Device Port	58
Connecting to Network Ports	60
Connecting Terminals	60
Power Input	61
Modem Installation	62
5: Quick Setup	63
Recommendations	63
IP Address	63
Lantronix Provisioning Manager	64
Method #1 Quick Setup on the Web Page	64
Network Settings	66
Date & Time Settings	67
Administrator Settings	67
Method #2 Quick Setup on the Command Line Interface	68
Next Step	71
Limiting Sysadmin User Access	71
6: Web and Command Line Interfaces	72
Web Manager	72
Logging in	74
Logging Out	75
Web Page Help	75
Command Line Interface	75
Logging In	75
Logging Out	76
Command Syntax	76
Command Line Help	76
Tips	76
General CLI Commands	77
7: Networking	79
Requirements	79
Network Port Settings	80
Ethernet Interfaces (Eth1 and Eth2)	83
Hostname & Name Servers	85
DNS Servers	85
DHCP-Acquired DNS Servers	85
TCP Keepalive Parameters	86
Gateway	86
Fail-Over Settings	87
Fail-Over Cellular Gateway Configuration	89
Advanced Cellular Gateway Configuration	90
Fail-Over Cellular Gateway Firmware	91
Load Cellular Gateway Firmware Options	91
Ethernet Counters	92
Network Commands	92
Cellular Modem Settings	93
Cellular Interface	94
Cellular Modem Configuration	94
Cellular Modem Firmware	94
Load Cellular Modem Firmware Options	95
Cellular Status	95
Cellular Modem Commands	96
Wireless Settings	97
Wireless Overview	97
Wireless Firmware	99
Troubleshooting	100
Wireless Client Settings	101
Wireless Access Point Settings	108
IP Filter	111
Viewing IP Filters	111
Mapping Rulesets	111
Enabling IP Filters	112
Configuring IP Filters	113
Rule Parameters	114
Updating an IP Filter	115
Deleting an IP Filter	115
IP Filter Commands	115
Routing	116
Dynamic Routing	116
Static Routing	116
Routing Commands	117
VPN Settings	117
Sample ipsec.conf Files	128
VPN Commands	133
Security	134
Performance Monitoring	137
Performance Monitoring - Add/Edit Probe	140
Performance Monitoring - Results	143
Performance Monitoring Commands	147
FQDN List	147
8: Services	148
System Logging and Other Services	148
SSH/Telnet/Logging	148
System Logging	149
Audit Log	150
SSH	150
Telnet	151
Web SSH/Web Telnet Settings	151
SMTP	151
SSH Commands	152
Logging Commands	152
SNMP	152
v1/v2c Communities	156
Version 3	156
V3 User Read-Only	157
V3 User Read-Write	157
V3 User Trap	157
Version 3 TLS (over TCP)	157
Services Commands	159
NFS and SMB/CIFS	160
SMB/CIFS Share	161
NFS and SMB/CIFS Commands	161
Secure Lantronix Network	162
Browser Issues	164
Troubleshooting Browser Issues	165
Web SSH/Telnet Copy and Paste	167
Secure Lantronix Network Commands	167
Date and Time	168
Date and Time Commands	169
Web Server	170
Admin Web Commands	172
Services - SSL Certificate	172
Services - Web Sessions	175
ConsoleFlow	176
ConsoleFlow Commands	180
9: USB/SD Card Port	181
Set up USB/SD Card Storage	181
Manage Files	184
USB Commands	185
SD Card Commands	185
10: Device Ports	186
Connection Methods	186
Permissions	186
I/O Modules	187
Device Status	188
Device Ports	188
Telnet/SSH/TCP in Port Numbers	190
Device Port Global Commands	190
Device Ports - Settings	191
Device Port Settings	193
IP Settings	195
Data Settings	196
Hardware Signal Triggers	197
Modem Settings (Device Ports)	198
Modem Settings: Text Mode	199
Modem Settings: PPP Mode	200
Port Status and Counters	201
Device Ports - Power Management	201
Device Port - Sensorsoft Device	204
Device Port Commands	206
Device Commands	206
Interacting with a Device Port	207
Device Ports - Logging and Events	208
Local Logging	208
NFS File Logging	208
USB and SD Card Logging	208
Token/Data Detection	209
Syslog Logging	209
Token & Data Detection	210
Local Logging	212
Log Viewing Attributes	212
NFS File Logging	212
USB / SD Card Logging	212
Syslog Logging	212
Logging Commands	213
Console Port	213
Console Port Commands	214
Internal Modem Settings	215
Internal Modem Commands	219
DIO Port	219
DIO Commands	220
Xmodem	221
Xmodem Commands	223
Host Lists	224
Host Parameters	224
Host List Commands	227
Sites	228
Site Commands	230
Modem Dialing States	231
Dial In	231
Dial-back	231
Dial-on-demand	232
Dial-in & Dial-on-demand	232
Dial-back & Dial-on-demand	233
CBCP Server and CBCP Client	234
CBCP Server	234
CBCP Client	234
Key Sequences	235
11: Remote Power Managers	236
Devices - RPMs	236
RPMs - Add Device	239
RPMs - Manage Device	242
RPMs - Outlets	246
RPM Shutdown Procedure	246
Optimizing and Troubleshooting RPM Behavior	248
RPM Commands	249
12: Scripts	250
Script Commands	255
Batch Script Syntax	256
Interface Script Syntax	257
Primary Commands	258
Secondary Commands	259
Control Flow Commands	261
Custom Script Syntax	263
Example Scripts	265
13: Connections	284
Typical Setup Scenarios for the EMG unit	284
Terminal Server	284
Remote Access Server	285
Reverse Terminal Server	285
Multiport Device Server	286
Console Server	286
Connection Configuration	287
Connection Commands	289
14: User Authentication	290
Authentication Commands	292
User Rights	293
Local and Remote User Settings	294
Sysadmin Account Default Login Values	295
Adding, Editing or Deleting a User	296
Shortcut	300
Local Users Commands	300
Remote User Rights Commands	300
NIS	301
NIS Commands	303
LDAP	304
LDAP Commands	308
RADIUS	309
RADIUS Commands	312
User Attributes & Permissions from LDAP Schema or RADIUS VSA	312
Kerberos	314
Kerberos Commands	316
TACACS+	317
TACACS+ Groups	317
TACACS+ Commands	321
Groups	322
Group Commands	325
SSH Keys	326
Overview	326
Imported Keys	326
Exported Keys	326
Create an SSH Key	326
Imported Keys (SSH In)	329
Exported Keys (SSH Out)	329
SSH Server/Host Keys	330
SSH Commands	332
Custom Menus	333
Custom User Menu Commands	335
15: Maintenance	336
Firmware & Configurations	336
Zero Touch Provisioning Configuration Restore	336
Creating a Certificate	337
HTTPS Push Configuration Restore	339
Factory Reset with External Storage Device	340
Internal Temperature	342
Site Information	342
EMG Firmware	342
Boot Banks and Bootloader Settings	343
Load Firmware Via Options	344
Configuration Management	344
Manage Files	346
Administrative Commands	346
System Logs	347
System Log Commands	348
Audit Log	349
Audit Log Commands	349
Email Log	350
Logging Commands	350
Diagnostics	351
Diagnostic Commands	354
Status/Reports	354
View Report	354
Status Commands	356
Emailing Logs and Reports	357
Events	359
Events Commands	361
Banners	361
Administrative Banner Commands	362
System Info	363
16: Application Examples	365
Telnet/SSH to a Remote Device	366
Dial-in (Text Mode) to a Remote Device	368
Local Serial Connection to Network Device via Telnet	370
17: Command Reference	372
Introduction to Commands	372
Command	372
Command Line Help	373
Tips	373
Administrative Commands	374
admin banner login	374
admin banner logout	374
admin banner show	374
admin banner ssh	375
admin banner welcome	375
admin config checksum	375
admin config copy	375
admin config rename\|delete	375
admin config factorydefaults	376
admin config restore	376
admin config save	377
admin config show	377
admin eeprom	377
admin firmware bootbank	378
admin firmware bootcount	378
admin firmware bootlimit	378
admin firmware bootdelay	378
admin firmware highrestimers	379
admin firmware watchdog	379
admin firmware show	379
admin firmware update	379
admin firmware clearlog	379
admin ftp password	380
admin ftp server	380
admin ftp show	380
admin memory show	380
admin memory swap add	380
admin memory swap delete	381
admin quicksetup	381
admin reboot	381
admin shutdown	381
admin site	381
admin sysinfo	382
admin version	382
admin web certificate import	382
admin web certificate reset	382
admin web certificate custom	383
admin web certificate custom	383
admin web certificate show	383
admin web group	383
admin web server	383
admin web sha2	383
admin web timeout	384
admin web terminate	384
admin web show	384
admin web banner	384
admin web iface	384
admin web cipher	385
admin web sha2	385
admin web tlsv10	385
admin web tlsv11	385
admin web tlsv12	385
admin web restart	386
admin chip resetmodem	386
Audit Log Commands	386
show auditlog	386
Authentication Commands	387
set auth	387
show auth	387
show user	387
Kerberos Commands	388
set kerberos	388
show kerberos	388
LDAP Commands	389
set ldap	389
set ldap bindpassword	389
set ldap certificate import	390
set ldap certificate delete	390
show ldap	390
Local Users Commands	390
set localusers add\|edit	390
set localusers allowreuse	391
set local users complexpasswords	391
set localusers state	391
set localusers delete	391
set localusers lifetime	392
set localusers maxloginattempts	392
set localusers password	392
set localusers periodlockout	392
set localusers periodwarning	392
set localusers reusehistory	393
set localusers multipleadminlogins	393
set localusers consoleonlyadmin	393
show localusers	393
set localusers lock	393
set localusers unlock	394
set localusers permissions	394
NIS Commands	394
set nis	394
show nis	395
RADIUS Commands	395
set radius	395
set radius server	396
show radius	396
TACACS+ Commands	396
set tacacs+	396
show tacacs+	397
User Permissions Commands	398
set localusers group	398
set localusers lock	398
set localusers unlock	398
set localusers permissions	398
set <nis\|ldap\|radius\|kerberos\|tacacs+> permissions	399
show user	399
Remote User Commands	399
set remoteusers add\|edit	399
set remoteusers listonlyauth	400
set remoteusers denyaccessnocustomgroup	400
set remoteusers denyaccessnocustomgroup <enable\|disable>	400
set remoteusers lock\|unlock	400
set remoteusers delete	400
show remoteusers	400
set <nis\|ldap\|radius\|kerberos\|tacacs+> group	401
Cellular Modem Commands	401
set cellular	401
set cellular update	401
set cellular	402
show cellular	402
ConsoleFlow Commands	402
set cflow client	402
set cflow statusinterval	402
set cflow fwupdate	402
set cflow rebootafterupdate	403
set cflow connection	403
set cflow devicename	403
set cflow timeoutcli	403
set cflow digitalprobe	404
set cflow id	404
set cflow key	404
show cflow	404
CLI Commands	405
set cli	405
set cli menu	405
show cli	405
show user	406
set history	406
show history	406
Connection Commands	406
connect bidirection	406
connect direct	407
connect global outgoingtimeout	407
connect listen deviceport	408
connect terminate	408
connect unidirection	408
show connections	409
show connections connid	409
Console Port Commands	409
set consoleport	409
show consoleport	410
Custom User Menu Commands	410
set localusers	410
set menu add	410
set menu delete	411
set <nis\|ldap\|radius\|kerberos\|tacacs+> custommenu	411
set remoteusers add\|edit	411

Match case Limit results 1 per page

14: User Authentication

EMG™ Edge Management Gateway User Guide

306

Enter the following:

Enable LDAP

Displays selected if you enabled this method on the first User Authentication page.

If you want to set up this authentication method but not enable it immediately, clear

the checkbox.

Server #1

(or Server #2)

The IPv4 or IPv6 address or host name of the primary and secondary LDAP

servers. The secondary LDAP server will be used for authentication in the event

that the primary LDAP server cannot be reached.

Port

Number of the TCP port on the LDAP server to which the

EMG

talks. The default is

389

Base

The name of the LDAP search base (e.g., dc=company, dc=com). May have up to

80 characters.

Bind Name

The name for a non-anonymous bind to an LDAP server. This item has the same

format as LDAP Base. One example is

cn=administrator,cn=Users,dc=domain,dc=com

Bind Password /

Retype Password

Password for a non-anonymous bind. This entry is optional. Acceptable characters

are

a-z

A-Z

, and

0-9

The maximum length is 127 characters.

Bind with Login

Select to bind with the login and password that a user is authenticating with. This

requires that the Bind Name contain the

$login

token, which will be replaced with

the current login. For example, if the Bind Name is

uid=$login,ou=People,dc=lantronix,dc=com

, and user

roberts

logs into the EMG, LDAP will bind with

uid=roberts,ou=People,dc=lantronix,dc=com

and the password

entered by roberts.

User Login Attribute

The attribute used by the LDAP server for user logins. If nothing is specified for the

user filter, the EMG unit will use "uid". For AD LDAP servers, the attribute for user

logins is typically "sAMAccountName".

Group Filter

Objectclass

The objectclass used by the LDAP server for groups. If nothing is specified for the

group filter, the EMG will use "posixGroup". For AD LDAP servers, the objectclass

for groups is typically "Group".

Group Member

Attribute

The attribute used by the LDAP server for group membership. This attribute may be

use to search for a name (ie, "msmith") or a Distinguished Name (ie,

"uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as

appropriate for the LDAP server. If nothing is specified for the group membership

attribute, the EMG unit will use "memberUID" for name and "uniqueMember" for

DN. For AD LDAP servers, the Group Membership Value is typically DN, with the

Group Membership Attribute of "member".

Group Member Value

The attribute used by the LDAP server for group membership. This attribute may be

use to search for a name (ie, "msmith") or a Distinguished Name (ie,

"uid=msmith,ou=People,dc=lantronix,dc=com"). Select either Name or DN as

appropriate for the LDAP server. If nothing is specified for the group membership

attribute, the EMG will use "memberUID" for name and "uniqueMember" for DN.

For AD LDAP servers, the Group Membership Value is typically DN, with the Group

Membership Attribute of "member".

Use LDAP Schema

Select the check box to obtain remote user attributes (group/permissions and port

access) from an Active Directory server's scheme via the user attribute 'Secure

LantronixPerms' (see details below). Disabled by default.

Active Directory

Support

Select to enable. Active Directory is a directory service from Microsoft that is a part

of Windows 2000 and later versions of Windows. It is LDAP- and Kerberos-

compliant. Disabled by default.