8.3. Authentication Server

You can find the Authentication Server Settings at System → Auth. Server.

On the Authentication Server screen you can quickly edit some settings, such as activating, deactivating and deleting authentication servers.

Each server can have a name and can be enabled individually. You can choose either LDAP or RADIUS as the type.

After creating the Authentication Server, you still need to create a user with the same username under User. A password has to be supplied as well, which may be random. The user will, however, only be authenticated against the chosen Authentication Server.

8.3.1. LDAP

Hostname or IP address has to be configured

Port can be configured and defaults to 389 for TCP/TLS and 636 for SSL

Transport can be TCP - Standard, TCP - STARTTLS, or SSL - Encrypted

Protocol version can be 2 or 3

Server Timeout is the timeout for LDAP operations in seconds. Default is 25

Search Scope Level can be Entire Subtree or One Level

Search Scope Base DN is the Base Distinguished Name for the search scope

Bind anonymous can be enabled or disabled

Bind User DN can be set up if Bind anonymous is disabled

Bind Password can be set up if Bind anonymous is disabled

Method can be User or Custom

Custom Query can be configured; use the string USER where the username should be inserted in the query. It will be replaced with the actual username

Initial Template can be OpenLDAP, Microsoft AD or Novell eDirectory

User naming attribute uniquely identifies an entry and is cn by default

Group can be enabled or disabled

Group member attribute can be configured if Group is enabled and is member by default

Group CN can be configured if Group is enabled; it identifies the group the user has to belong to in order to log in

Sync User Group can be enabled if you want the user to be added automatically to groups in VT AIR whose names match

Group class attribute is the class attribute of the group (e.g. group or posixGroup)

Group naming attribute is usually CN

Username Alterations determines whether the part of the username after the @ symbol is stripped away or not
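
How the Custom Query placeholder USER and the Username Alterations setting could combine into the final LDAP search filter, as an added example that is not VT AIR's own code. The function names, the sample query, stripping from the @ symbol onwards and the RFC 4515 escaping step are assumptions made for illustration.

```python
# Added illustration; not VT AIR code. All names and sample values are constructed.

# Constructed Custom Query: USER marks where the login name is inserted.
SAMPLE_QUERY = "(&(objectClass=person)(uid=USER))"

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def strip_domain(username: str) -> str:
    """Username Alterations (assumed behaviour): drop '@' and what follows."""
    return username.split("@", 1)[0]


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(custom_query: str, username: str, strip_at: bool = True) -> str:
    """Replace the USER placeholder in a Custom Query with the login name."""
    if "USER" not in custom_query:
        raise ValueError("Custom Query must contain the USER placeholder")
    if strip_at:
        username = strip_domain(username)
    if not username:
        raise ValueError("empty username")
    # str.replace makes one pass, so the inserted value is never rescanned.
    return custom_query.replace("USER", escape_filter_value(username))


if __name__ == "__main__":
    for name in ("alice@example.com", "bob", "*)(uid=*"):
        print(f"{name!r:22} -> {build_filter(SAMPLE_QUERY, name)}")
```

When testing a Custom Query against your directory, check that a login name containing `*`, `(` or `)` matches no entry.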

8.3.2. RADIUS

Hostname or IP address has to be configured

Protocol can be PAP, CHAP, MS-CHAPv1, EAP-MD5 or EAP-MS-CHAPv2

Shared Secret is the shared secret used to connect VT AIR to the RADIUS server

Services Offered can only be Authentication for the moment

Authentication Port can be set up and is 1812 by default

Authentication Timeout is how long (in seconds) the RADIUS server may take to respond to an authentication request. The default is 5