User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
AD and RADIUS also have attributes that can be used for deriving a role. AD attributes
are queried using LDAP when a user authenticates. For each domain, the SafeGuard
device has one or more domain controllers that it can query. RADIUS attributes are
collected from the sniffed conversation between a NAS and a server. RADIUS attributes
can also be collected from a Captive Portal login when it is implemented in the network.
The system supports both standard RADIUS attributes and Vendor-Specific Attributes
(VSAs). In addition, DHCP options obtained when the client machine received its IP
address can also be used.
The following are examples of DHCP, AD, and RADIUS attributes:

Attribute                        Description
ad.department                    User department. Be sure that the department attribute on the AD Organization tab matches the department name you are entering into the Alcatel-Lucent database.
ad.distinguishedName             User's distinguished name, such as Alcatel-Lucent.com/Users/Bill Smith
ad.company                       Employer, such as Alcatel-Lucent
ad.memberOf                      List of AD groups to which the user belongs
ad.hostOperatingSystem           Host operating system where the user is logged in
radius.nasIP                     IP address of the NAS
radius.calledStation             String indicating the network service accessed by the user
radius.Alcatel-Lucent.roleName   Vendor-specific attribute indicating the user role name

Attribute                        Description
system.timeOfDay                 Time of day when the user authenticated
system.roleName                  A special attribute, used to assign a role to the user based on a rule-map match

See the following sections for more details:
Configuring Rule Maps
Removing the Rule Map
Displaying Rule Map Information
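
The following added example (not code from this guide or from the SafeGuard product) shows how the RADIUS attributes named above can be recovered from a captured packet, using the RFC 2865 attribute layout and rejecting malformed lengths. The vendor ID, the vendor sub-type, the key radius.exampleVendor.roleName, and the sample packet are constructed placeholders.

```python
import ipaddress
import struct

NAS_IP_ADDRESS, CALLED_STATION_ID, VENDOR_SPECIFIC = 4, 30, 26  # RFC 2865 types
EXAMPLE_VENDOR_ID = 99999   # constructed placeholder, not a real enterprise number
EXAMPLE_ROLE_SUBTYPE = 1    # hypothetical vendor sub-attribute carrying a role name


def parse_radius_attributes(packet: bytes) -> dict:
    """Return the role-derivation attributes found in one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("header length field does not fit the captured data")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad length for attribute {a_type}")
        value = packet[pos + 2:pos + a_len]
        if a_type == NAS_IP_ADDRESS and len(value) == 4:
            attrs["radius.nasIP"] = str(ipaddress.IPv4Address(value))
        elif a_type == CALLED_STATION_ID:
            attrs["radius.calledStation"] = value.decode("utf-8", "replace")
        elif a_type == VENDOR_SPECIFIC and len(value) >= 6:
            # VSA value: 4-byte vendor ID, then vendor type, vendor length, data
            vendor_id, sub_type, sub_len = struct.unpack("!IBB", value[:6])
            ok = vendor_id == EXAMPLE_VENDOR_ID and sub_type == EXAMPLE_ROLE_SUBTYPE
            if ok and 2 <= sub_len <= len(value) - 4:
                role = value[6:4 + sub_len].decode("utf-8", "replace")
                attrs["radius.exampleVendor.roleName"] = role
        pos += a_len
    return attrs


def build_sample_packet() -> bytes:
    """Constructed Access-Accept (code 2) with three attributes, for the demo only."""
    def avp(a_type: int, value: bytes) -> bytes:
        return bytes([a_type, len(value) + 2]) + value
    vsa = struct.pack("!I", EXAMPLE_VENDOR_ID) + avp(EXAMPLE_ROLE_SUBTYPE, b"engineering")
    body = (avp(NAS_IP_ADDRESS, ipaddress.IPv4Address("192.0.2.10").packed)
            + avp(CALLED_STATION_ID, b"00-11-22-33-44-55:corp-wlan")
            + avp(VENDOR_SPECIFIC, vsa))
    return struct.pack("!BBH", 2, 7, 20 + len(body)) + bytes(16) + body


if __name__ == "__main__":
    print(parse_radius_attributes(build_sample_packet()))
```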