Specifications

Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 7 User Management: Configuring Authentication Servers
Adding an Authentication Provider
Note: You can also specify “failover” or “redundant” mappings in the KDC/Realm Mapping field. For
example, if you specify an LDAP server IP address-to-realm mapping, but use a redundant
LDAP server in your network, you can also enter the backup LDAP server’s IP address
immediately after the primary IP address-to-realm mapping to ensure the CAM also checks with
the redundant server in case the first one is unreachable.
Step 20 Domain/Realm Mapping—You can specify one or more mappings between LDAP server domains and
LDAP realms.
Step 21 Base/Realm Mapping—You can specify a different LDAP Search Base depending on which Kerberos
Realm is being authenticated.
Step 22 Click Add Server.
Multiple Domain SSL
When you configure the LDAP server to use SSL, you must also provide the details in the Multiple Domain
SSL tab.
Step 1 Go to User Management > Auth Servers > Lookup Servers > Multiple Domain SSL.
Figure 7-13 Multiple Domain SSL
Step 2 Choose the appropriate LDAP provider name from the Provider drop-down.
Step 3 Enter the other details according to the provider you have selected as follows:
a. Server URL—Type the URL of the LDAP server, in the form:
ldap://<directory_server_name>:<port_number>
If no port number is specified, 389 is assumed.
b. Search(Admin) Full DN—Enter the distinguished name (DN) of an AD user account. The first
CN (common name) entry should be an AD user with read privileges.
c. Domain Name—Enter the domain name for your LDAP server in upper case, such as CISCO.COM.
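A pre-entry check for the three Step 3 fields, as an added example that is not part of the Cisco guide. The function names and sample values are hypothetical; it accepts only the ldap:// form shown above and confirms only that the DN begins with a CN entry, not that the account has read privileges.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = 389  # guide: "If no port number is specified, 389 is assumed."

def parse_server_url(url):
    """Return (host, port); a non-numeric or out-of-range port raises ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "ldap":  # assumption: only the form the guide shows is accepted
        raise ValueError(f"scheme is {parts.scheme!r}, expected 'ldap'")
    if not parts.hostname:
        raise ValueError("missing directory server name")
    if parts.username or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("extra components after <server>:<port>")
    return parts.hostname, parts.port if parts.port is not None else DEFAULT_PORT

def first_rdn(dn):
    """Return (ATTR, value) of the leftmost RDN; a backslash-escaped comma is data."""
    buf, escaped = [], False
    for ch in dn:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            break
        buf.append(ch)
    attr, sep, value = "".join(buf).partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError("not in <attribute>=<value>,... form")
    return attr.strip().upper(), value.strip()

def check_entry(server_url, admin_dn, domain):
    """Return a list of problems; an empty list means the three fields look sane."""
    problems = []
    try:
        parse_server_url(server_url)
    except ValueError as exc:
        problems.append(f"Server URL: {exc}")
    try:
        attr, _ = first_rdn(admin_dn)
        if attr != "CN":
            problems.append(f"Search(Admin) Full DN: first entry is {attr}, expected CN")
    except ValueError as exc:
        problems.append(f"Search(Admin) Full DN: {exc}")
    if not domain or domain != domain.upper():
        problems.append("Domain Name: must be upper case, such as CISCO.COM")
    return problems

# Constructed sample values (not from the guide); the lower-case domain is flagged.
SAMPLE = ("ldap://dc01.example.com", r"CN=nac\, lookup,OU=Svc,DC=example,DC=com", "example.com")
```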