7-5
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Adding an Authentication Provider
Kerberos
Note In Cisco NAC Appliance, you can configure one Kerberos auth provider and one LDAP auth provider
using the GSSAPI authentication method, but only one of the two can be active at any time. See LDAP,
page 7-16 for more information.
Note For Kerberos functions with FIPS 140-2 compliant CAMs, you must ensure that hosts are running
Windows 2008 Server to support secure authentication sessions between external resources and
FIPS-compliant appliances.
Step 1 Go to User Management > Auth Servers > New.
Step 2 From the Authentication Type dropdown menu, choose Kerberos.
Figure 7-3 Add Kerberos Auth Server
Step 3 Provider Name—Type a unique name for this authentication provider. Enter a meaningful or
recognizable name if web login users will be able to select providers from the web login page.
Step 4 Domain Name—The domain name for your Kerberos realm in UPPER CASE, such as CISCO.COM.
Step 5 Default Role—Choose the user role assigned to users authenticated by this provider. This default role
is used if not overridden by a role assignment based on MAC address or IP address.
Step 6 Server Name—The fully qualified host name or IP address of the Kerberos authentication server, such
as auth.cisco.com.
Step 7 Description—Enter an optional description of this auth server for reference.
Step 8 Click Add Server.
Note When working with Kerberos servers, keep in mind that Kerberos is case-sensitive and that the realm
name must be in UPPER CASE. The clock must also be synchronized between the CAM and DC.
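
The following pre-flight check is an added example, not part of the Cisco guide or the appliance software. It validates the values planned for Steps 4 and 6 against the case and clock requirements in the note above. The function name, the sample values and the 300-second skew limit (the common Kerberos default) are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Assumption: the KDC uses the common Kerberos default tolerance of 5 minutes.
# Confirm the value actually configured on your domain controller.
MAX_SKEW_SECONDS = 300

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _is_host(value):
    """True if value is an IP address or a fully qualified host name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(label) for label in labels)


def check_kerberos_provider(domain_name, server_name, cam_time, dc_time):
    """Return a list of problems with the planned Kerberos auth server values."""
    problems = []
    if not domain_name or domain_name != domain_name.strip():
        problems.append("Domain Name is empty or has surrounding whitespace")
    elif domain_name != domain_name.upper():
        problems.append(f"Domain Name must be upper case: use {domain_name.upper()}")
    if not _is_host(server_name):
        problems.append("Server Name must be a fully qualified host name or IP address")
    # Both timestamps must be timezone-aware so the difference is meaningful.
    skew = abs((cam_time - dc_time).total_seconds())
    if skew > MAX_SKEW_SECONDS:
        problems.append(f"CAM/DC clock skew is {skew:.0f}s, above {MAX_SKEW_SECONDS}s")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    cam = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    dc = datetime(2024, 1, 1, 12, 7, 30, tzinfo=timezone.utc)
    for problem in check_kerberos_provider("cisco.com", "auth", cam, dc):
        print("FAIL:", problem)
```
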