
ShoreTel Mobility Router Administration Guide
Configuring Authentication
Managing Order of Authentication
After defining local authentication or adding authentication servers, specify the order in which the
Mobility Router performs authentication against the established databases. This order is the search
order that the Mobility Router uses when attempting authentication. The order of authentication
can be defined separately for Admin users and for End Users:
Admin Authentication Ordering applies to users with Admin privilege who log in to the Mobility Router,
for example through the Web UI or for Mobility Client Administrator provisioning.
User Authentication Ordering applies to End users who log in to the Mobility Router for Mobility Client
provisioning.
By default, the first method of authentication attempted is authentication with the local user database
on the Mobility Router. We recommend that you keep the default for the first method. If you select
LDAP, RADIUS or TACACS+ as the first method of authentication and the authentication server is not
available, it might be some time before the second method of authentication can be attempted.
After successful authentication, the Mobility Router discontinues searching. If the Mobility Router is
unsuccessful in authenticating using the first method specified, the search order defined is used to
continue the search.
To set the order of authentication:
1. Select Configuration > System > Authentication > Ordering. The Ordering page displays.
Figure 39: Ordering
2. In the First list, select the authentication method to be used first:
   local: Uses the Mobility Router local user database
   ldap: Uses the specified Active Directory or LDAP server
   radius: Uses the specified RADIUS server
   tacacs+: Uses the specified TACACS+ server
   The Mobility Router first attempts authentication with the option specified in this field.
3. If you defined more than one method of authentication, set the Second field to an option different
   from the one selected for the First field. The Mobility Router attempts to authenticate with this
   setting if it cannot authenticate with the option specified in the First field.
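The ordering behaviour described above (try each method in turn, stop at the first success, wait out an unavailable server before falling back) can be modelled as follows. This is an added example, not code from the Mobility Router or from ShoreTel: the Backend class, the function names, the sample accounts and the 30-second timeout are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

METHODS = ("local", "ldap", "radius", "tacacs+")  # options listed in step 2

@dataclass
class Backend:
    """Stand-in for one user database (constructed data, not a real client)."""
    users: dict = field(default_factory=dict)  # username -> password
    reachable: bool = True
    timeout_s: float = 0.0  # assumed wait before an unreachable server is skipped

def validate_order(order):
    """Return a list of problems with an ordering such as ["local", "ldap"]."""
    problems = [f"unknown method: {m}" for m in order if m not in METHODS]
    if len(set(order)) != len(order):
        problems.append("each position must use a different method")
    if order and order[0] != "local":
        problems.append("first method is not local: a server outage delays fallback")
    return problems

def authenticate(order, backends, user, password):
    """Try each method in order and stop at the first success.

    Returns (accepting method or None, seconds spent waiting, per-method trail).
    """
    waited, trail = 0.0, []
    for method in order:
        backend = backends[method]
        if not backend.reachable:
            waited += backend.timeout_s
            trail.append((method, "unavailable"))
            continue
        stored = backend.users.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            trail.append((method, "accepted"))
            return method, waited, trail  # search stops after a success
        trail.append((method, "rejected"))  # unsuccessful: continue down the order
    return None, waited, trail

# Constructed sample: a local admin account and an LDAP server that is down.
SAMPLE = {
    "local": Backend(users={"admin": "local-secret"}),
    "ldap": Backend(users={"jdoe": "dir-secret"}, reachable=False, timeout_s=30.0),
}

if __name__ == "__main__":
    for order in (["local", "ldap"], ["ldap", "local"]):
        print(order, validate_order(order), authenticate(order, SAMPLE, "admin", "local-secret"))
```

The returned trail records which database accepted each login, which is worth keeping in audit logs when more than one method is configured.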