TMS zl Management and Configuration Guide ST.1.2.100916
4-66
Firewall
User Authentication
page, they simply enter their username. They do not need to include a
domain name. When a user submits credentials without a domain name,
the module checks the username first against the local manager and
operator accounts, and then it checks the username against the RADIUS
server in the global domain. Similarly, when a user submits credentials
with a domain name that is not configured for one of the TMS zl Module’s
RADIUS servers, the module submits the request to the global domain.
6. As mentioned, users may submit their username followed by
@<domain name>. However, sometimes the RADIUS server will not
recognize the domain name. In this case, select the Strip domain from user name
in RADIUS request check box.
7. Click OK. The RADIUS server is now displayed in the
Network > Authentication > RADIUS window.
8. Click Save.
Create User Groups. When the external RADIUS server permits a user, it
should send an AVP to the TMS zl Module informing the module of the user’s
group. (This group name is configured as the value for the Filter-ID attribute
in a RADIUS server policy.) The user group must be added to the TMS zl
Module so that you can create firewall access policies that control the traffic
of users in that group.
Any group that is configured on the TMS zl Module will work with the external
RADIUS server as long as it has exactly the same name as the one in the
Filter-ID attribute. Valid groups include the default group (guest) and any groups
that have been configured for local users in the Firewall/XAUTH Users tab. You
can also add groups for use with an external RADIUS server in the User Groups
tab.
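A pre-deployment check for the exact-name requirement above, as an added example that is not part of the guide: it reads Filter-Id reply values from a FreeRADIUS-style users file and compares them with the group names configured on the module. The file format, the sample entries and the group list are constructed, and the script assumes "exactly the same name" means a case- and whitespace-sensitive match.

```python
import re

# Constructed sample in FreeRADIUS "users" file style (not taken from the guide).
SAMPLE_USERS = '''\
alice Cleartext-Password := "placeholder"
    Filter-Id = "engineering"
bob Cleartext-Password := "placeholder"
    Filter-Id = "Guest"
carol Cleartext-Password := "placeholder"
    Filter-Id = "contractors "
dave Cleartext-Password := "placeholder"
    Session-Timeout = 3600
'''
# Constructed sample: group names as entered in the module's User Groups tab.
MODULE_GROUPS = {"guest", "engineering", "contractors"}
FILTER_ID = re.compile(r'Filter-Id\s*[:+]?=\s*"([^"]*)"', re.IGNORECASE)

def parse_filter_ids(text):
    """Return {username: Filter-Id value, or None if the entry sends none}."""
    result, user = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # unindented line starts a new user entry
            user = line.split()[0]
            result[user] = None
        m = FILTER_ID.search(line)
        if m and user is not None:
            result[user] = m.group(1)
    return result

def audit(text, groups):
    """Classify each user's Filter-Id against the module's group names."""
    folded = {g.casefold() for g in groups}
    report = {}
    for user, fid in parse_filter_ids(text).items():
        if fid is None:
            report[user] = "missing"       # server sends no group at all
        elif fid in groups:
            report[user] = "ok"            # exact match
        elif fid.strip().casefold() in folded:
            report[user] = "near-miss"     # differs only by case or whitespace
        else:
            report[user] = "unknown"       # no such group on the module
    return report

if __name__ == "__main__":
    for user, status in audit(SAMPLE_USERS, MODULE_GROUPS).items():
        print(f"{user:6} {status}")
```

Entries reported as near-miss are the ones worth fixing first: they look correct on the RADIUS side but are not an exact match for any group the module knows.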
Follow these steps:
1. Click Network > Authentication and click the User Groups tab.
Figure 4-42. Network > Authentication > User Groups Window