Authentication Server
#####################

You can find the Authentication Server Settings at **Authentication → Auth. Server**.

On the Authentication Server screen you can quickly edit some settings, such as **activating/deactivating** and **deleting** authentication servers.

.. image:: img/Auth-Server-Create.png
   :width: 100%
   :align: center
   :alt: Authentication Server Creation

Each server can have a **name** and can be **enabled** individually. You can choose either *LDAP* or *RADIUS* as **type**.

After creating the Authentication Server you still need to create a user with the same username in :ref:`User`. A password has to be supplied as well; it may be random. The user will only be authenticated against the chosen Authentication Server though.

LDAP
****

**Hostname or IP address** has to be configured

**Port** can be configured and is by default 389 for TCP/TLS and 636 for SSL

**Transport** can be *TCP - Standard*, *TCP - STARTTLS* or *SSL - Encrypted*

**Peer Certificate Authority** can be selected if *Transport* is *STARTTLS* or *SSL - Encrypted*

**Check Certificate** can be enabled or disabled

**Protocol version** can be *2* or *3*

**Server Timeout** is the timeout for LDAP operations in seconds. Default is 25

**Search Scope Level** can be *Entire Subtree* or *One Level*

**Search Scope Base DN** is the Base Distinguished Name for the search scope

**Bind anonymous** can be enabled or disabled

**Bind User DN** can be set up if *Bind anonymous* is disabled

**Bind Password** can be set up if *Bind anonymous* is disabled

**Method** can be *User* or *Custom*

**Custom Query** can be configured. Use the string ``USER`` where the username should be added in the query; it will be replaced with the actual username

**Initial Template** can be *OpenLDAP*, *Microsoft AD* or *Novell eDirectory*

**User naming attribute** uniquely identifies an entry and is *cn* by default

**Group** can be enabled or disabled

**Group member attribute** can be configured if *Group* is enabled and is *member* by default

**Group CN** can be configured if *Group* is enabled to find a group the user has to belong to in order to log in

**Sync User Group** can be enabled if you want the user to be added automatically to groups in VT AIR with matching names

**Group class attribute** is the class attribute of the group (e.g. group or posixGroup)

**Group naming attribute** is usually CN

**Username Alterations** determines whether the username after the @ symbol will be stripped away or not

**Sync User** can be enabled or disabled. If this option is enabled, it will automatically sync LDAP users to the VT AIR. If a user exists in the LDAP server but not in the VT AIR, a new user will be created. If a user was changed in the LDAP server, the corresponding user in the VT AIR will be updated. The following related settings will be available:

**Unique ID** is *entryUUID* for *OpenLDAP*, *objectGUID* for *Microsoft AD* and *GUID* for *Novell eDirectory*

**User Firstname Attribute** is *givenName* by default

**User Lastname Attribute** is *sn* by default

**Sync Import** can be enabled if you want Users and Groups to be synced in the background. A sync job will be executed once an hour. Otherwise only users that log in to the Webgui will be synced at login time.

**Default Group** is the group the user is added to when synced. If you want your Users to have access to the Webgui automatically, choose the **System Admin** or **System User** Groups.
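
To illustrate the **Custom Query** and **Username Alterations** settings, the following added example (not VT AIR's own code; how the product performs the substitution internally is an assumption) expands a query template by replacing ``USER`` with the login name, optionally stripped at the @ symbol and escaped per RFC 4515. The function names, the sample template and the group DN are constructed for illustration.

```python
"""Added example: expanding an LDAP "Custom Query" template (assumed behaviour)."""

# RFC 4515 section 3: these characters must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def alter_username(username: str, strip_domain: bool) -> str:
    """Model of 'Username Alterations': optionally drop everything from '@' on."""
    return username.split("@", 1)[0] if strip_domain else username


def build_filter(custom_query: str, username: str, strip_domain: bool = True) -> str:
    """Replace the USER placeholder with the escaped, optionally stripped, name."""
    if "USER" not in custom_query:
        raise ValueError("custom query has no USER placeholder")
    name = alter_username(username.strip(), strip_domain)
    if not name:
        raise ValueError("empty username")
    return custom_query.replace("USER", escape_filter_value(name))


# Constructed sample template: match on cn and require membership of one group.
SAMPLE_QUERY = "(&(cn=USER)(memberOf=cn=vpn-users,ou=groups,dc=example,dc=org))"

if __name__ == "__main__":
    # Constructed logins: with a domain suffix, plain, and with filter metacharacters.
    for login in ("alice@example.org", "bob", "j*(smith)"):
        print(login, "->", build_filter(SAMPLE_QUERY, login))
```

Running the expanded filter against the directory with the configured Bind User DN before saving the server entry confirms that it returns exactly one entry per login name.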

RADIUS
******

**Hostname or IP address** has to be configured

**Protocol** can be *PAP*, *CHAP*, *MS-CHAPv1*, *MS-CHAPv2* or *EAP-MS-CHAPv2*

**Shared Secret** is a shared secret to connect VT AIR to the RADIUS server

**Services Offered** can only be *Authentication* for the moment

**Authentication Port** can be set up and is 1812 by default

**Authentication Timeout** is how long (in seconds) the RADIUS server may take to respond to an authentication request. The default is 5