30. General Settings » User Authentication

To configure remote authentication mechanisms and login window settings, go to Configuration » General Settings » User Authentication.


Persistent Sessions enables cookie-based authentication for Console users who select the Remember checkbox on the login page. Subsequent sessions skip the login page for the next 30 days.

Authentication Mode enables or disables the authentication of Console users that are not defined in General Settings » User Management but are defined in LDAP or RADIUS.

Console permits the use of external RADIUS and LDAP servers for end-user authentication. You must add these servers to the Remote Authentication Services grid:

LDAP Service parameters:
Priority – You can set the order in which Console connects to multiple authentication services. The authentication process stops after the first successful authentication
Template User – Remotely-authenticated users without a Console account have the privileges of the Template User
LDAP Host – IP or hostname of the LDAP server. To connect to an LDAP server over SSL, set this parameter as ldaps://<IP>:port/
Login Attribute – Enter the LDAP attribute that contains the username. For Active Directory it usually is mailNickname or sAMAccountName, for OpenLDAP or IBM Directory Server it could be uid
LDAP Base DN – Specify the location in the LDAP hierarchy where Console should begin searching for usernames for authorization requests. The base DN may be something equivalent to the organization, group, or domain name (AD) of the external directory: dc=domain,dc=com
Bind User DN/Password – Distinguished name and password for an LDAP user permitted to search within the defined Base DN
Search Filter – Can contain rules that restrict which users are authenticated using the current configuration. For example, the string “|(department=*NOC*)(department=ISP)” only allows users to authenticate in Console from departments containing the string “NOC” or (|) from the “ISP” department
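
To check which accounts a Search Filter admits before relying on it, the following added example (not Console's own code) evaluates the filter quoted above against a constructed directory. It assumes that Login Attribute and Search Filter are combined as (&(attribute=username)(filter)), that values match case-insensitively, and that the username is escaped per RFC 4515; the page does not document these details, and all function names are hypothetical.

```python
import re

# Constructed sample directory (attribute names lower-cased); not from the page.
DIRECTORY = [
    {"samaccountname": ["alice"], "department": ["EU NOC Tier 2"]},
    {"samaccountname": ["bob"],   "department": ["ISP"]},
    {"samaccountname": ["carol"], "department": ["ISP-Sales"]},
]
PAGE_FILTER = "|(department=*NOC*)(department=ISP)"  # Search Filter from the page

def escape_value(s):
    """RFC 4515 escaping so user input cannot add wildcards or filter syntax."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in s)

def login_filter(login_attr, username, search_filter):
    """Assumed combination: (&(<Login Attribute>=<user>)(<Search Filter>))."""
    if not search_filter.startswith("("):
        search_filter = "(" + search_filter + ")"
    return "(&(%s=%s)%s)" % (login_attr, escape_value(username), search_filter)

def parse(f, i=0):
    """Parse the &, |, ! and equality/substring subset; returns (node, next_index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # step past the closing ')'
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    unesc = lambda p: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
    pattern = ".*".join(re.escape(unesc(p)) for p in node[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in entry.get(node[1], []))

def admitted(username, login_attr="sAMAccountName", search_filter=PAGE_FILTER):
    """Return the login names the combined filter selects for this username."""
    tree, _ = parse(login_filter(login_attr, username, search_filter))
    return [e["samaccountname"][0] for e in DIRECTORY if matches(tree, e)]
```

In this sample, carol is rejected because department=ISP is an exact match while *NOC* is a substring match, and a username of * selects nobody because it is escaped to a literal asterisk.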

RADIUS Service parameters:
Priority – You can set the order in which Console connects to multiple authentication services. The authentication process stops after the first successful authentication
Template User – Remotely authenticated users without a Console account have the privileges of the Template User
RADIUS Host – IP or hostname of the RADIUS server
RADIUS Port – Port on which the RADIUS server is listening for authentication requests
RADIUS Protocol – Protocol used for authentication purposes:
PAP (Password Authentication Protocol) – Provides a simple method for the peer to establish its identity using a 2-way handshake
CHAP (Challenge-Handshake Authentication Protocol) – Authenticates a user or network host to an authentication entity
MSCHAP – The Microsoft version of the Challenge-Handshake Authentication Protocol (CHAP)
MSCHAP2 – Another Microsoft version of the Challenge-Handshake Authentication Protocol (CHAP)
RADIUS Secret – Enter the credentials for connecting to the RADIUS server

The content of the Login Window Notification field is shown inside the login window.

The content of the Successful Window Notification field is shown inside the Console window immediately after login.