Tripp Lite B022-U08-IP Owner's Manual for B022-U08-IP 1U Rack KVM Switch 93327 - Page 35

ANMS - LDAP/S Configuration



7. Administration (continued)
7.2.3 Remote OSD Administration Tab (continued)
To allow authentication and authorization via LDAP/S, do the following:

1. Check the Enable LDAP Authentication checkbox.
2. Select LDAP or LDAPS.
3. Determine whether to enable authorization or not.
   • If the Enable Authorization checkbox is checked, the LDAP/S server directly returns a 'permission' attribute and authorization for the account that is logging in. With this selection, the LDAP schema must be extended.
   • If the Enable Authorization checkbox is not checked, the LDAP/S server indicates whether the account that is logging in is a member of the KVM Admin Group or not. If yes, the account has full access rights. If no, the account has user access rights (See the User Management section of this manual for details on account permissions).
4. Enter the appropriate IP address and access port for the LDAP or LDAPS server in the LDAP Server IP and Port fields. The default port number for LDAP is 389, and is 636 for LDAPS.
5. In the Timeout (Seconds) field, enter the time in seconds that the KVM waits for an LDAP or LDAPS server reply before it times out.
6. Consult the LDAP/S administrator about the appropriate entry for the LDAP Administrator DN field. For example, the entry might look like this: cn=LDAPAdmin,ou=B022-U08-IP,dc=tripplite,dc=com
7. In the LDAP Admin Password field, key in the LDAP administrator's password.
8. In the Search DN field, set the distinguished name of the search base (i.e. the domain name where the search starts for the user name).
   Note: If the Enable Authorization checkbox is not checked, this field must include the entry where the KVM Admin Group is created. Consult the LDAP/S administrator about the appropriate entry for this.
9. In the Admin Group field, key in the group name for KVM administrator accounts.
   Note: If the Enable Authorization checkbox is not checked, this field is used to authorize accounts that are logging in. Accounts that are in this group have full access rights to the KVM. Accounts that are not in this group have user access rights to the KVM (See the User Management section of this manual for details on account permissions). Consult the LDAP/S administrator about the appropriate entry for this.
10. On the LDAP server, set the access rights for each user (The following sections describe how to configure LDAP/S for use with the KVM switch).
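The following pre-flight check is an added example, not part of the Tripp Lite manual: it lints the values from steps 2 to 9 for consistency before they are keyed into the KVM. The dictionary keys, the admin_group_dn input (the Admin Group's full DN, obtained from the LDAP/S administrator) and the group name KVMAdmins are assumptions; it also assumes DNs compare case-insensitively and that the KVM does not negotiate StartTLS on the LDAP port, which the manual does not mention.

```python
import re

DEFAULT_PORT = {"LDAP": 389, "LDAPS": 636}  # defaults given in step 4

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDN pairs.
    Backslash-escaped commas stay in the value; '+' multi-valued RDNs are not handled."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(entry_dn, base_dn):
    """True when entry_dn is base_dn itself or lies beneath it in the tree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def check_settings(cfg):
    """Return findings for the values entered in steps 2-9 (empty list = consistent)."""
    findings = []
    proto = cfg["protocol"]
    other = "LDAPS" if proto == "LDAP" else "LDAP"
    if proto == "LDAP":
        findings.append("LDAP selected: bind and search traffic is not TLS-protected")
    if cfg["port"] == DEFAULT_PORT[other]:
        findings.append(f"port {cfg['port']} is the {other} default but {proto} is selected")
    try:
        for field in ("admin_dn", "search_dn", "admin_group_dn"):
            parse_dn(cfg[field])
    except ValueError as exc:
        return findings + [f"{field}: {exc}"]
    # Step 8 note: without Enable Authorization, the Search DN must cover the group entry.
    if not cfg["enable_authorization"] and not is_under(cfg["admin_group_dn"], cfg["search_dn"]):
        findings.append("Search DN does not include the entry where the Admin Group is created")
    return findings

# Constructed sample values; only the Administrator DN comes from the manual's example.
GOOD = {"protocol": "LDAPS", "port": 636, "enable_authorization": False,
        "admin_dn": "cn=LDAPAdmin,ou=B022-U08-IP,dc=tripplite,dc=com",
        "search_dn": "ou=B022-U08-IP,dc=tripplite,dc=com",
        "admin_group_dn": "cn=KVMAdmins,ou=B022-U08-IP,dc=tripplite,dc=com"}
BAD = dict(GOOD, protocol="LDAP", search_dn="ou=Users,dc=tripplite,dc=com")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_settings(cfg) or "no findings")
```
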

ANMS – LDAP/S Configuration

To allow authentication and authorization via LDAP or LDAPS, the Active Directory's LDAP Schema must be extended so that an extended attribute name for the KVM—permission—is added as an optional attribute to the person class.

Note: Authentication refers to the identity verification of the person logging into the KVM switch, whereas Authorization refers to the assigning of device permissions.

In order to configure the LDAP server, you will have to complete the following procedures:

1. Install the Windows Support Tools.
2. Install the Active Directory Schema Snap-In.
3. Extend and Update the Active Directory Schema.

Each of these procedures is described in the following sections:

Install the Windows Support Tools

1. On the Windows Server, open the Support Tools folder.
2. In the right panel of the dialog box that comes up, double click SupTools.msi.
3. Follow along with the Installation Wizard to complete the procedure.

Install the Active Directory Schema Snap-In

1. Open a Command prompt.
2. Key in regsvr32 schmmgmt.dll to register schmmgmt.dll on your computer.
3. Open the Start menu. Click Run and key in mmc /a. Click OK.
4. In the File menu of the screen that appears, click Add/Remove Snap-in, and then click Add.
5. Under Available Standalone Snap-ins, double click Active Directory Schema, click Close and then click OK.
6. On the screen you are in, open the File menu and click Save.
7. When prompted where to save, specify the C:\Windows\system32 directory.
8. Key in the filename schmmgmt.msc.
9. Click Save to complete the procedure.

Extend and Update the Active Directory Schema – Create a New Attribute

1. Open Control Panel > Administrative Tools > Active Directory Schema.
2. In the left panel of the screen that comes up, right-click Attributes.
3. Select New Attribute.