To open this window, select Kerberos in the Select Authentication Server window.
The following table describes the fields and settings in the Setup Server section of Kerberos window.
Item |
Description |
---|---|
DNS Lookup |
Specify whether to search for the Kerberos server using the information registered in the SRV records in the DNS server.
|
Realm Name |
Specify a default realm name. You can specify ASCII code characters and hyphens (-). |
Host Name |
Specify a host name of the Kerberos server. You can specify ASCII code characters, hyphens (-), and periods (.). If you select Enable in DNS Lookup, this item is disabled. |
Port Number |
Specify a port number of the Kerberos server. If you select Enable in DNS Lookup, this item is disabled. |
Clock Skew |
Specify an acceptable range of time difference between the SVP and the Kerberos server. |
Timeout |
Specify the number of seconds before connection to the Kerberos server times out. |
Secondary Server |
Specify whether to use a secondary Kerberos server.
If you specify Enable in DNS Lookup, this item is disabled. |
Secondary Server - Host Name |
Specify a host name of the secondary Kerberos server. You can specify ASCII code characters, hyphens (-), and periods (.). If you select Enable in DNS Lookup, or if you select Disable in Secondary Server, this item is disabled. |
Secondary Server - Port Number |
Specify a port number of the secondary Kerberos server. If you select Enable in DNS Lookup, or if you select Disable in Secondary Server, this item is disabled. |
External User Group Mapping |
Specify whether to connect an authentication server to an authorization server.
|
External User Group Mapping - Certificate File Name |
Specify a certificate file. Click Browse to find the file. If you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Authentication Protocol |
Specify an LDAP protocol to use. Available protocols are:
If you select Enable in DNS Lookup, you cannot select LDAP over SSL/TLS. If you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Primary Port Number |
Specify a port number of the LDAP server. If you select Enable in DNS Lookup, or if you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Secondary Port Number |
Specify a port number of the secondary LDAP server. If you select Disable in Secondary Server, Enable in DNS Lookup, or External User Group Mapping fields, this item is disabled. |
External User Group Mapping - Base DN |
Specify a base DN to search for users to authenticate. Available characters: Alphanumeric characters (ASCII characters) and all symbols.
If this field is blank, the value specified for the defaultNamingContext attribute of Active Directory is assumed as the base DN. If you select Disable in External User Group Mapping, this item is disabled. To use symbols such as + ; , < = and > in the basedn field, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash (\) before it. For example, to enter abc++, type abc\+\+. To use backslash (\) , forward slash (/), or quotation mark (") in the basedn field, type a backslash (\) followed by the ASCII code in hex for the symbol:
|
External User Group Mapping - Search User's DN |
Search for a user by specifying a DN Available characters: Alphanumeric characters (ASCII characters) and all symbols. If you select Disable in External User Group Mapping, this item is disabled. To use symbols such as + ; , < = and > in the searchdn field, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash (\) before it. For example, to enter abc++, type abc\+\+. To use backslash (\) , forward slash (/), or quotation mark (") in the searchdn field, type a backslash (\) followed by the ASCII code in hex for the symbol:
|
External User Group Mapping - Password |
Search for a user by specifying his password. Specify the same password that is registered in the LDAP server. You can specify ASCII code characters and the following symbols: ! # $ % & ' ( ) * + - . = @ \ ^ _ | If you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Re-enter Password |
Re-enter the password of the user you are searching for to confirm your entry. You can specify ASCII code characters and the following symbols: ! # $ % & ' ( ) * + - . = @ \ ^ _ | If you enter any password in External User Group Mapping - Password, you must specify this item. If you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Timeout |
Specify the number of seconds before connection to the LDAP server times out. If you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Retry Interval |
Specify a retry interval in seconds when the connection to the LDAP server fails. If you select Disable in External User Group Mapping, this item is disabled. |
External User Group Mapping - Number of Retries |
Specify retry times when the connection to the LDAP server fails. If you select Disable in External User Group Mapping, this item is disabled. |
Test User Name |
Specify a user name for a server connection test. You can specify ASCII code characters and the following symbols: ! # $ % & ' * + - . / = ? @ ^ _ ` { | } ~ |
Password |
Specify a password of the user name for a server connection test. You can specify ASCII code characters and the following symbols: ! # $ % & ' ( ) * + , -. / : ; < = > ? @[ \ ] ^ _` { | } ~ |
Server Configuration Test |
Click Check to conduct a server connection test for the authentication server and the authorization server based on the specified settings. |
Server Configuration Test - Result |
Displays a result of the server connection test for the authentication server and the authorization server. |