HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

Auto Back to Primary setting is Yes, TAM automatically switches back to the primary server
after the server becomes available. If the setting is No, TAM continues to use the backup server.
Interval—Minimum interval (in hours) between a primary-to-backup switchover and an
automatic backup-to-primary switchover. This setting takes effect only when auto back to
primary is enabled. TAM can automatically switch back to the primary server only if the
backup server has been working for a period equal to or longer than this interval since the
primary-to-backup switchover. This feature helps avoid frequent primary and backup
switchovers caused by the instability of the primary server.
4. Click Back to return to LDAP Server List.
Adding an LDAP server
Adding an LDAP server to TAM establishes the association between TAM and that LDAP server.
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > LDAP Service > LDAP Servers from the navigation tree.
The LDAP Server List displays all LDAP servers.
3. Click Add in the LDAP Server List area to enter the Add LDAP Server page.
4. Configure basic LDAP server information:
Server Name—Enter an LDAP server name, which must be unique in TAM.
Version—Select an LDAP protocol version, 2 or 3, from the list. Make sure the LDAP server
supports the selected protocol version. Otherwise, TAM cannot communicate with the LDAP
server.
IP Address—Enter the IP address of the LDAP server. If the LDAP server has more than one NIC,
enter the IP address of the NIC used for communicating with TAM.
Port—Enter the TCP port number on which the LDAP server listens for the packets from TAM. The
default port number is 389, which is used by most LDAP servers.
Server Type—Select an LDAP server type, Microsoft AD or General, from the list. To use
Microsoft Windows AD-specific functions, set the server type to Microsoft AD. In any other
cases, set the server type to General.
Real-Time AuthN—Select whether the authentication is performed by the LDAP server, Yes or
No.
Yes—LDAP users are authenticated on the LDAP server.
No—LDAP users are authenticated on TAM.
If TAM cannot synchronize passwords from an LDAP server (for example, Microsoft Active
Directory), bound users are authenticated on the LDAP server even if you do not specify
real-time authentication for the LDAP server.
Reconnect Interval—Select the time that TAM must wait before retrying to connect to the LDAP
server after a connection failure. Options include some specific time intervals and Disable Auto
Connect. As shown in Figure 19, without a Reconnect Interval, a requesting LDAP user must wait
for the time specified by Connection Wait Timeout before being told that the user has been rejected
because the LDAP server cannot be reached. With this parameter configured, each time TAM
fails to connect to the LDAP server, the specified Reconnect Interval takes effect. During this
interval, TAM directly rejects all authentication requests that must be forwarded to the LDAP
server. Select Disable Auto Connect to prevent TAM from automatically retrying to connect to
the LDAP server after a connection failure. In this case, an operator must manually connect the
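The following is an added example, not code from the HP IMC product or this guide: a hypothetical Python model of how the Reconnect Interval and Disable Auto Connect settings change what an LDAP-bound user experiences when the LDAP server is down (how long each request waits, and which requests TAM rejects outright). The class and function names, the 10-second Connection Wait Timeout, and the request arrival times are constructed for illustration; the model counts the interval from the moment the failed connect attempt times out.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LdapAuthProxy:
    """Hypothetical model of TAM forwarding authentication to an LDAP server.

    reconnect_interval: seconds TAM waits before retrying after a connection
    failure. 0 models "no interval" (every request retries and waits out the
    timeout); None models "Disable Auto Connect" (no automatic retry, an
    operator must reconnect manually). Modelling assumption: the interval is
    counted from the moment the failed connect attempt times out.
    """
    connection_wait_timeout: float
    reconnect_interval: Optional[float]
    server_reachable: bool = True
    _retry_not_before: Optional[float] = None
    _needs_operator: bool = False

    def authenticate(self, now: float) -> Tuple[str, float]:
        """Return (outcome, seconds the requesting user waited) for a request at `now`."""
        if self._needs_operator:
            return "rejected: auto connect disabled, awaiting operator", 0.0
        if self._retry_not_before is not None and now < self._retry_not_before:
            # Inside the Reconnect Interval: TAM rejects immediately instead of
            # making the user sit through another Connection Wait Timeout.
            return "rejected: within reconnect interval", 0.0
        if self.server_reachable:
            self._retry_not_before = None
            return "accepted", 0.0
        # The connect attempt only fails after the full Connection Wait Timeout.
        failed_at = now + self.connection_wait_timeout
        if self.reconnect_interval is None:
            self._needs_operator = True
        else:
            self._retry_not_before = failed_at + self.reconnect_interval
        return "rejected: server unreachable", self.connection_wait_timeout

    def operator_connect(self) -> None:
        """Manual reconnect by an operator (needed when auto connect is disabled)."""
        self._needs_operator = False
        self._retry_not_before = None


def run_timeline(reconnect_interval: Optional[float], arrivals: List[float],
                 reachable: bool = False) -> List[Tuple[str, float]]:
    """Replay request arrival times (seconds) against a server that is down by default."""
    proxy = LdapAuthProxy(connection_wait_timeout=10.0,
                          reconnect_interval=reconnect_interval,
                          server_reachable=reachable)
    return [proxy.authenticate(t) for t in arrivals]
```

The availability consequence to plan for: while the interval is running, every LDAP-bound administrator is refused immediately, so the interval trades faster failure for a hard outage window of that length.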