Manualshelf

User guide

ManualsBrandsRaritan ManualsComputer equipmentDOMINION DKX432
61626364656667686970
54 DOMINION KX USER GUIDE
Remote Authentication
Introduction
Note to CommandCenter Users
If you plan to configure the device to be integrated with and controlled by Raritan’s CommandCenter
management appliance, this section of the User Manual does not apply to you
. When a device is controlled
by CommandCenter, CommandCenter determines the allowed users and groups. Please refer to your
CommandCenter User Guide.
Note to Raritan Customers Upgrading from Previous Firmware Versions
If you have previously implemented RADIUS authentication on Raritan products such as Dominion KSX
and IP-Reach running legacy firmware versions earlier than v3.2, read this entire section carefully
.
Beginning with firmware version v3.2 and above, the implementation of external authentication has
changed significantly to provide more flexible and powerful configurations.
Supported Protocols
In order to simplify management of usernames and passwords, device provides the capability to forward
authentication requests to an external authentication server. The device supports two external authentication
protocols: LDAP and RADIUS.
Note on Microsoft Active Directory
Microsoft Active Directory uses the LDAP protocol natively, and can function as an LDAP server and
authentication source for KX101. If it has the IAS (Internet Authorization Server) component, a Microsoft
Active Directory server can also serve as a RADIUS authentication source.
Remote Authentication Implementation
Priority
When a user tries to authenticate to a KX101 unit that is configured for external authentication, KX101 first
checks its own internal user database for that username. If the username is not found in the KX101 internal
database, the request is forwarded to the external authentication server.
If Username is not found in the KX101 internal database: Request is forwarded to external
authentication server to determine whether the login is allowed or denied.
If Username is found in the KX101 internal database and Password is correct: Login is allowed.
If Username is not found in the KX101 internal database and Password is incorrect: Login is
denied; the request does NOT get forwarded to the external authentication server.