User Guide

ManualsBrandsEmerson ManualsInfrastructure ManagementEmerson Avocent Data Center Planner

141

142

143

144

145

146

147

148

149

150

Authorization

Type

Field Description

AD/LDAP username type

These are commonly known AD authentication name types. However, specifying a

username type will require this style of authentication to be provided at log in time to

the Avocent console by the user. Users will need to know their domains for “Full”

name types, Pre-windows 2000 partial (username), Pre-windows 2000 full

(domain\username), Windows 2000 partial (username), Windows 2000 full

(username@domain), Pre-windows 2000 partial (username), Pre-windows 2000

full(domain\username) Windows 2000 partial (username), Windows 2000 full

(username@domain).

AD/LDAP username type

Use Kerberos for user authentication (checkbox): This allows users to authenticate

through Kerberos if they have enabled DES types for their accounts in the AD

domain. The Avocent Management Platform supports the following Encryption types

to negotiate Kerberos authentication: des.des-cbc-md5 (3), des-cbc-crc (1), rc4-

hmac (23), aes128-cts-hmas-shal-96 (17), des128-cts-hmas-shal-96 (17). To

create an AD authentication instance that uses Kerberos, in the A D users account,

ensure "Use DES encryption types for this account is disabled. Microsoft des

encryption types are not the same as other Kerberos des types. If this option is

selected, it requires proprietary Microsoft des types to be used during authentication.

You may receive errors from the KDC stating 'unsupported encryption type' during

attempted authentication. Enable chasing referrals: This allows using LDAP referrals

between clients and servers where the client request cannot be serviced locally. Use

an Active Directory global catalog: This enables the instance to utilize an A Global

Catalog server. Browse anonymously: This enables the browsing of the directory

with an anonymous bind.

LDAP Host

Enter the host name you will be authenticating against. This field supports IP or DNS

naming. This is a required field.

LDAP Port

Enter the port number as an integer for authentication against the LDAP server. The

default port is 389. This is a required field.

AD SSL mode Use No SSL or SSL Trust All.

AD/LDAP username

Enter the FQDN of the user creating the authentication instance. This is required for

authentication during instance creation.

AD/LDAP Password

The password of the user account that will be used during instance creation for

authentication.

LDAP LDAP user properties

The LDAP User and Group properties and Group base DN are used to specify

containers for user and group accounts. The remaining attributes are based on the

schema of the particular LDAP authentication service. User base DN, User key

attributes, Object class, User display.

LDAP LDAP group properties Group base DN, Object class, Group member, Group user member.

Setting the Authentication Type

Setting the authentication order allows you to display the authentication instances in the login dialog in the

order in which they were set.

To set the authentication type:

1. In User management, click Authentication.

2. In the Actions/Authentication pane, click Set authentication order. The Set authentication order dialog

opens.

3. Reorder the items by selecting an item and moving it to the wanted order. Repeat until you have the

authentication order properly set.

4. Click OK.

138 Data Center Planner Installer/User Guide