Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Adding an Authentication Provider
Configure LDAP Server with Simple Authentication
Step 1 Go to User Management > Auth Servers > New.
Step 2 From the Authentication Type dropdown menu, choose LDAP.
Figure 7-11 Add LDAP Auth Server—SIMPLE Authentication Mechanism
Step 3 Provider Name—Type a unique name for this authentication provider. Enter a meaningful or
recognizable name if web login users will be able to select providers from the web login page.
Step 4 Description—Enter an optional description of this auth server for reference.
Step 5 Server URL—Type the URL of the LDAP server, in the form:
ldap://<directory_server_name>:<port_number>
If no port number is specified, 389 is assumed.
Note: When using LDAP to connect to the AD server, Cisco recommends using TCP/UDP port 3268 (the
default Microsoft Global Catalog port) instead of the default port 389. This allows for a more efficient
search of all directory partitions in both single and multi-domain environments.
You can add redundancy for LDAP Authentication servers by entering multiple LDAP URLs in the
Server URL field separated by a space, for example:
ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com
If the first LDAP server listed does not respond within 15 seconds, the CAM then attempts to
authenticate using the alternate LDAP server(s) in the list. By default, every LDAP authentication
request is passed to the first server specified in the list. The field accepts at most 128 characters,
which limits the number of redundant servers you can specify.
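The following check is an added example, not part of the Cisco guide or the CAM software: it validates a candidate Server URL value against the rules in Step 5 (ldap:// form, default port 389, space-separated alternates, 128-character limit) before you paste it into the form. The function names are hypothetical, and the per-server wait estimate assumes each unresponsive alternate costs the same 15 seconds the guide states for the first server.

```python
from urllib.parse import urlsplit

MAX_FIELD_LEN = 128      # field limit stated in the guide
DEFAULT_PORT = 389       # assumed by the CAM when no port is given
FAILOVER_TIMEOUT_S = 15  # wait on the first server before alternates are tried


def check_server_url_field(value):
    """Validate a 'Server URL' value; return (servers, problems).

    servers is the ordered list of (host, port) the CAM would try.
    Only the ldap:// form documented in this section is accepted here.
    """
    servers, problems = [], []
    if len(value) > MAX_FIELD_LEN:
        problems.append(f"field is {len(value)} characters, limit is {MAX_FIELD_LEN}")
    for entry in value.split():
        parts = urlsplit(entry)
        if parts.scheme != "ldap" or not parts.hostname:
            problems.append(f"{entry}: expected ldap://<directory_server_name>:<port_number>")
            continue
        try:
            # urlsplit raises ValueError for a non-numeric or out-of-range port
            port = DEFAULT_PORT if parts.port is None else parts.port
        except ValueError:
            port = 0
        if port == 0:
            problems.append(f"{entry}: port must be a number from 1 to 65535")
            continue
        servers.append((parts.hostname, port))
    if not servers and not problems:
        problems.append("no LDAP URL given")
    return servers, problems


def failover_wait_seconds(servers):
    """Worst-case seconds elapsed before each server is tried.

    Assumption of this example: every unresponsive server ahead in the
    list costs FAILOVER_TIMEOUT_S; the guide states it only for the first.
    """
    return [index * FAILOVER_TIMEOUT_S for index in range(len(servers))]


if __name__ == "__main__":
    # The redundancy example from the guide.
    field = "ldap://ldap1.abc.com ldap://ldap2.abc.com ldap://ldap3.abc.com"
    servers, problems = check_server_url_field(field)
    for (host, port), wait in zip(servers, failover_wait_seconds(servers)):
        print(f"{host}:{port} tried after up to {wait}s")
    print("problems:", problems or "none")
```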