9.3. Authentication Server

You can find the Authentication Server Settings at Authentication → Auth. Server.

On the Authentication Server screen you can quickly edit some settings, such as activating, deactivating and deleting authentication servers.

Authentication Server Creation

Each server can have a name and can be enabled individually. You can choose either LDAP or RADIUS as type.

After creating the Authentication Server you still need to create a user with the same username in User. A password has to be supplied as well, which may be random. The user will only be authenticated against the chosen Authentication Server, though.

9.3.1. LDAP

Hostname or IP address has to be configured

Port can be configured and is by default 389 for TCP/TLS and 636 for SSL

Transport can be TCP - Standard, TCP - STARTTLS or SSL - Encrypted

Peer Certificate Authority can be selected if Transport is STARTTLS or SSL - Encrypted

Check Certificate can be enabled or disabled

Protocol version can be 2 or 3

Server Timeout is the timeout for LDAP operations in seconds. Default is 25

Search Scope Level can be Entire Subtree or One Level

Search Scope Base DN is the Base Distinguished Name for the search scope

Bind anonymous can be enabled or disabled

Bind User DN can be set up if Bind anonymous is disabled

Bind Password can be set up if Bind anonymous is disabled

Method can be User or Custom

Custom Query can be configured. Use the string USER where the username should appear in the query; it will be replaced with the actual username

Initial Template can be OpenLDAP, Microsoft AD or Novell eDirectory

User naming attribute uniquely identifies an entry and is cn by default

Group can be enabled or disabled

Group member attribute can be configured if Group is enabled and is member by default

Group CN can be configured if Group is enabled to find a group the user has to belong to in order to login

Sync User Group can be enabled if you want the user to be added automatically to groups in VT AIR with matching names

Group class attribute is the class attribute of the group (e.g. group or posixGroup)

Group naming attribute is usually CN

Username Alterations determines whether the username after the @ symbol will be stripped away or not

Sync User can be enabled or disabled. If this option is enabled, it will automatically sync LDAP users to the VT AIR. If a user exists in the LDAP server but not in the VT AIR, a new user will be created. If a user was changed in the LDAP server, the corresponding user in the VT AIR will be updated. The following related settings will be available:

Unique ID is entryUUID for OpenLDAP, objectGUID for Microsoft AD and GUID for Novell eDirectory

User Firstname Attribute is givenName by default

User Lastname Attribute is sn by default

Sync Import can be enabled if you want users and groups to be synced in the background. A sync job will be executed once an hour. Otherwise only users that log in to the Webgui will be synced at login time.

Default Group is the group the user is added to when synced. If you want your users to have access to the Webgui automatically, choose the System Admin or System User groups.
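
The following is an added example, not VT AIR's own code. It shows how the USER placeholder in a Custom Query and the Username Alterations setting combine into the final search filter, with the username escaped per RFC 4515 so that it is matched as a literal value. The function names and the sample query are assumptions.

```python
# Added illustration, not VT AIR code. All names and sample values are constructed.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so the directory treats it as a literal, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def alter_username(username: str, strip_domain: bool) -> str:
    """Username Alterations: optionally drop everything from the @ symbol on."""
    return username.split("@", 1)[0] if strip_domain else username


def build_filter(custom_query: str, username: str, strip_domain: bool = True) -> str:
    """Replace the USER placeholder in a Custom Query with the escaped username."""
    if "USER" not in custom_query:
        raise ValueError("custom query must contain the USER placeholder")
    name = alter_username(username, strip_domain)
    if not name:
        # e.g. "@example.com" with stripping enabled leaves nothing to search for
        raise ValueError("username is empty after alteration")
    # str.replace is a single pass, so the substituted value is not rescanned.
    return custom_query.replace("USER", escape_filter_value(name))


if __name__ == "__main__":
    # Constructed sample query using the default user naming attribute, cn.
    query = "(&(objectClass=person)(cn=USER))"
    for login in ("alice@example.com", "j.doe (ops)*"):
        print(login, "->", build_filter(query, login))
```

Without the escaping step, a username containing parentheses or an asterisk would change the structure of the filter instead of being compared as text.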

9.3.2. RADIUS

Hostname or IP address has to be configured

Protocol can be PAP, CHAP, MS-CHAPv1, MS-CHAPv2 or EAP-MS-CHAPv2

Shared Secret is the shared secret used to connect VT AIR to the RADIUS server

Services Offered can only be Authentication for the moment

Authentication Port can be set up and is 1812 by default

Authentication Timeout is how long (in seconds) the RADIUS server may take to respond to an authentication request. The default is 5