TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

351

352

353

354

355

356

357

358

359

360

4-65

Firewall

User Authentication

2. In the Server Address field, type the IP address or FQDN of your RADIUS

server. The port is always 1812.

3. In the Secret and Confirm Secret fields, type the shared secret for your

RADIUS server.

4. In the NAS Identifier field, type the NAS ID associated with the module.

The default NAS Identifier is the module’s hostname.

Note The field NAS-Identifier is only sent for CHAP and MS-CHAP authentica-

tion requests (not for PAP requests).

5. Optionally, for Domain Name, type the domain name associated with your

RADIUS server.

When the TMS zl Module authenticates users to an external RADIUS

server, it selects the authentication server based on the domain name.

Therefore, when users attempt to log in to the TMS zl Module, they should

type <username>@<domain name> and their password on the Web login

page.

You may also choose to leave this field blank. When you leave the Domain

Name field blank, the TMS zl Module assigns the RADIUS server to the

global domain. Then, when users log in using the TMS zl Module's login

page, they simply enter their username. They do not need to include a

domain name. When a user submits credentials without a domain name,

the module checks the username first against the local manager and

operator accounts, and then it checks the username against the RADIUS

server in the global domain. Similarly, when a user submits credentials

with a domain name that is not configured for one of the TMS zl Module’s

RADIUS servers, the module submits the request to the global domain.

6. As mentioned, users may submit their username followed by

@<domain name>. However, sometimes the RADIUS server will not recog-

nize the domain name. In this case, select the Strip domain from user name

in RADIUS request check box.

7. Click OK. The RADIUS server is now displayed in the Network > Authenti-

cation > RADIUS window.

8. Click Save.

Create User Groups. When the external RADIUS server permits a user, it

should send an AVP to the TMS zl Module informing the module of the user’s

group. (This group name is configured as the value for the Filter-IDattribute