Kerberos Set Up Server window

System Administrator Guide for VSP 5000 Series

Version
90-08-8x
Audience
anonymous
Part Number
MK-98RD9009-13

To open this window, select Kerberos in the Select Authentication Server window.



The following table describes the fields and settings in the Setup Server section of Kerberos window.

Item

Description

DNS Lookup

Specify whether to search for the Kerberos server using the information registered in the SRV records in the DNS server.

  • Enable: Do not select the search using information registered in the SRV records in the DNS server.
  • Disable: Select the search using the host name and the port number.

Realm Name

Specify a default realm name.

You can specify ASCII code characters and hyphens (-).

Host Name

Specify a host name of the Kerberos server.

You can specify ASCII code characters, hyphens (-), and periods (.).

If you select Enable in DNS Lookup, this item is disabled.

Port Number

Specify a port number of the Kerberos server.

If you select Enable in DNS Lookup, this item is disabled.

Clock Skew

Specify an acceptable range of time difference between the SVP and the Kerberos server.

Timeout

Specify the number of seconds before connection to the Kerberos server times out.

Secondary Server

Specify whether to use a secondary Kerberos server.

  • Enable: Uses the secondary server.
  • Disable: Does not use the secondary server.

If you specify Enable in DNS Lookup, this item is disabled.

Secondary Server - Host Name

Specify a host name of the secondary Kerberos server.

You can specify ASCII code characters, hyphens (-), and periods (.).

If you select Enable in DNS Lookup, or if you select Disable in Secondary Server, this item is disabled.

Secondary Server - Port Number

Specify a port number of the secondary Kerberos server.

If you select Enable in DNS Lookup, or if you select Disable in Secondary Server, this item is disabled.

External User Group Mapping

Specify whether to connect an authentication server to an authorization server.

  • Enable: Connects an authentication server to an authorization server.
  • Disable: Does not connect an authentication server to an authorization server.

External User Group Mapping - Certificate File Name

Specify a certificate file. Click Browse to find the file.

If you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Authentication Protocol

Specify an LDAP protocol to use. Available protocols are:

  • Select LDAP over SSL/TLS
  • Do not select STARTTLS

If you select Enable in DNS Lookup, you cannot select LDAP over SSL/TLS.

If you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Primary Port Number

Specify a port number of the LDAP server.

If you select Enable in DNS Lookup, or if you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Secondary Port Number

Specify a port number of the secondary LDAP server.

If you select Disable in Secondary Server, Enable in DNS Lookup, or External User Group Mapping fields, this item is disabled.

External User Group Mapping - Base DN

Specify a base DN to search for users to authenticate.

Available characters: Alphanumeric characters (ASCII characters) and all symbols.

  • Hierarchical model: Specify a DN of hierarchy that includes all the targeted users for searching.
  • Flat model: Specify a DN of hierarchy that is one level up of the targeted user for searching.

If this field is blank, the value specified for the defaultNamingContext attribute of Active Directory is assumed as the base DN.

If you select Disable in External User Group Mapping, this item is disabled.

To use symbols such as + ; , < = and > in the basedn field, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash (\) before it. For example, to enter abc++, type abc\+\+.

To use backslash (\) , forward slash (/), or quotation mark (") in the basedn field, type a backslash (\) followed by the ASCII code in hex for the symbol:
  • Type \5c to enter a backslash (\).
  • Type \2f to enter a forward slash (/).
  • Type \22 to enter a quotation mark (").

External User Group Mapping - Search User's DN

Search for a user by specifying a DN

Available characters: Alphanumeric characters (ASCII characters) and all symbols.

If you select Disable in External User Group Mapping, this item is disabled.

To use symbols such as + ; , < = and > in the searchdn field, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash (\) before it. For example, to enter abc++, type abc\+\+.

To use backslash (\) , forward slash (/), or quotation mark (") in the searchdn field, type a backslash (\) followed by the ASCII code in hex for the symbol:
  • Type \5c to enter a backslash (\).
  • Type \2f to enter a forward slash (/).
  • Type \22 to enter a quotation mark (").

External User Group Mapping - Password

Search for a user by specifying his password. Specify the same password that is registered in the LDAP server.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + - . = @ \ ^ _ |

If you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Re-enter Password

Re-enter the password of the user you are searching for to confirm your entry.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + - . = @ \ ^ _ |

If you enter any password in External User Group Mapping - Password, you must specify this item.

If you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Timeout

Specify the number of seconds before connection to the LDAP server times out.

If you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Retry Interval

Specify a retry interval in seconds when the connection to the LDAP server fails.

If you select Disable in External User Group Mapping, this item is disabled.

External User Group Mapping - Number of Retries

Specify retry times when the connection to the LDAP server fails.

If you select Disable in External User Group Mapping, this item is disabled.

Test User Name

Specify a user name for a server connection test.

You can specify ASCII code characters and the following symbols:

! # $ % & ' * + - . / = ? @ ^ _ ` { | } ~

Password

Specify a password of the user name for a server connection test.

You can specify ASCII code characters and the following symbols:

! # $ % & ' ( ) * + , -. / : ; < = > ? @[ \ ] ^ _` { | } ~

Server Configuration Test

Click Check to conduct a server connection test for the authentication server and the authorization server based on the specified settings.

Server Configuration Test - Result

Displays a result of the server connection test for the authentication server and the authorization server.