Product User Guide

values for the LDAP scheme are set appropriately. You can choose between a
Generic LDAP Server, a Novell* Directory Service, and a Microsoft* Active Directory. If
you have neither a Novell* Directory Service nor a Microsoft* Active Directory, choose a
Generic LDAP Server and edit the LDAP scheme it uses (see below).
Name of login-name attribute: This is the name of the attribute containing the unique
login name of a user. To use the default leave this field empty. The default depends on
the selected LDAP server type.
Name of user-entry object class: This is the object class that identifies a user in the
LDAP directory. To use the default leave this field empty. The default depends on the
selected LDAP server type. You can refine the search for users that should be known
to the Intel® RMM2.
Active Directory Domain: This option specifies the Active Directory domain that is
configured on the Microsoft* Active Directory server, e.g. test.domain.com. It is only
valid if you have chosen Microsoft* Active Directory as the LDAP server type.
7.6.8.2 Using the RADIUS Server
The Intel® RMM2 uses RADIUS only for authentication (password verification). User privileges
and private settings are still stored locally on the Intel® RMM2. A user account has to be created
on the Intel® RMM2 before this user can log in via LDAP. Also, all privilege configurations have
to be done within the Intel® RMM2 user management.
RADIUS (Remote Authentication Dial In User Service) is a protocol specified by the Internet
Engineering Task Force (IETF) working group. There are two specifications that make up the
RADIUS protocol suite: Authentication and Accounting. These specifications aim to centralize
authentication, configuration, and accounting for dial-in services to an independent server. The
RADIUS protocol exists in several implementations such as freeRADIUS, openRADIUS, or
RADIUS on UNIX systems. The RADIUS protocol itself is well specified and tested.
Recommendations for all products listed above are available. For detailed information on how to
set up the RADIUS server, refer to Appendix C.
Note: Currently the Intel® RMM2 does not support challenge/response. An Access Challenge
response is seen and evaluated as an Access Reject.
To access a remote device using the RADIUS protocol you must log in first. You are asked to
specify your user name and password. The RADIUS server checks your input data
(Authentication) and the Intel® RMM2 looks for your profile (Authorization). The profile defines
(or limits) your actions and may differ depending on your specific situation. If there is no such
profile, your access via RADIUS will be refused.
In terms of the remote activity mechanism, the login via RADIUS works similarly to the Remote
Console. If there is no activity for half an hour, your connection to the Intel® RMM2 will be
aborted and closed.
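As an added illustration that is not part of this guide or of Intel's firmware, the following Python models the RADIUS exchange described here: the shared secret hides the User-Password in the Access-Request, the client-side check of the Response Authenticator gives the message integrity mentioned under Shared Secret below, and an Access-Challenge is treated as a reject, as the note above states. The secret, user name and password are constructed sample values; the packet layout follows RFC 2865.

```python
import hashlib
import struct

# RADIUS packet codes from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS type-length-value attribute."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    blocks = max(1, -(-len(password) // 16))          # pad to a multiple of 16 bytes
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes,
                         request_auth: bytes) -> bytes:
    """Client side (the RMM2 role): Access-Request with User-Name (1) and User-Password (2)."""
    attrs = attr(1, user) + attr(2, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def build_response(code: int, ident: int, request_auth: bytes, secret: bytes,
                   attrs: bytes = b"") -> bytes:
    """Server side: Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def evaluate_response(response: bytes, ident: int, request_auth: bytes, secret: bytes) -> str:
    """Client side: verify integrity with the shared secret, then map the code to a decision."""
    code, resp_ident, length = struct.unpack("!BBH", response[:4])
    expected = hashlib.md5(response[:4] + request_auth + response[20:length] + secret).digest()
    if resp_ident != ident or response[4:20] != expected:
        return "reject"      # wrong secret, forged, or modified in transit: do not trust it
    if code == ACCESS_ACCEPT:
        return "accept"
    return "reject"          # Access-Reject, and Access-Challenge (unsupported), refuse access
```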
Server: Enter either the IP address or the hostname of the RADIUS Server to
connect to. If entering the hostname, DNS has to be configured and enabled.
Shared Secret: A shared secret is a text string that serves as a password between
the RADIUS client and RADIUS server. In this case the Intel® RMM2 serves as a
RADIUS client. A shared secret is used to verify that RADIUS messages are sent by
a RADIUS-enabled device that is configured with the same shared secret, and to
verify that the RADIUS message has not been modified in transit (message integrity).
For the shared secret you can use any standard alphanumeric and special