18. Configuration » General Settings » User Authentication¶
To configure remote authentication mechanisms and login window settings click Configuration » General Settings » User Authentication.
Persistent Sessions enables cookie-based authentication for Console users that select the Remember option in the login screen. Subsequent sessions skip the login screen for the next 30 days or until the user logs out.
Authentication Mode enables or disables the authentication of Console users that are not defined in Configuration » General Settings » User Management but are defined in LDAP or Radius.
LDAP server settings:
● Priority – You can set the order in which Console connects to multiple authentication services. The authentication process stops after the first successful authentication● Template User – Remotely-authenticated users without a Console account have the privileges of the Template User● LDAP Host – IP or hostname of the LDAP server. To connect to a LDAP server by SSL, set this parameter as ldaps://<IP>:port/● Login Attribute – Enter the LDAP attribute that contains the username. For Active Directory it usually is mailNickname or sAMAccountName, for OpenLDAP or IBM Directory Server it could be uid● LDAP Base DN – Specify the location in the LDAP hierarchy where Console should begin searching for usernames for authorization requests. The base DN may be something equivalent to the organization, group, or domain name (AD) of the external directory: dc=domain,dc=com● Bind User DN/Password – Distinguished name and password for a LDAP user permitted to search within the defined Base DN● Search Filter – Can contain rules that restrict which users are authenticated using the current configuration. For example, the string “|(department=*NOC*)(department=ISP)” only allows users to authenticate in Console from departments containing the string “NOC” or (|) from the “ISP” department
RADIUS server settings:
● Priority – You can set the order in which Console connects to multiple authentication services. The authentication process stops after the first successful authentication● Template User – Remotely authenticated users without a Console account have the privileges of the Template User● RADIUS Host – IP or hostname of the Radius server● RADIUS Port – Port through which the Radius server is listening for authentication requests● RADIUS Protocol – Protocol used for authentication purposes:○ PAP (Password Authentication Protocol) – provides a simple method for the peer to establish its identity using a 2-way handshake○ CHAP (Challenge-Handshake Authentication Protocol) – authenticates a user or network host to an authentication entity○ MSCHAP – is the Microsoft version of the Challenge-handshake authentication protocol, CHAP○ MSCHAP2 – is another version of Microsoft version of the Challenge-handshake authentication protocol, CHAP● RADIUS Secret – Enter the credentials for connecting to the Radius server.
The content of the Login Window Notification field is shown inside the Console login window.