WESM zl Management and Configuration Guide WT.01.28 and greater

RADIUS Server
RADIUS Authentication
You must never assign a user to groups with overlapping access days or times:
such a configuration prevents you from determining which policy applies to the
user during the overlapping times. For example, if one group allows access at
all times and another group allows access only during normal work hours, you
cannot assign a user to both groups. During the day, the policies would conflict.
9. Click the OK button.
The user account is displayed in the Network Setup > Local RADIUS Server > Users
screen. Information about the account is listed in these columns:
• User ID—the username
• Guest User—displays a red X for normal accounts and a green check for guest accounts
• Start Date—the date and time at which a guest account becomes active (not applicable to normal accounts, which are immediately active)
• Expiry Date—the date and time at which the guest account is no longer active (not applicable to normal accounts, which are permanent)
When you select an account, the group or groups for the user are displayed in the
Assigned Groups section.
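The caution before step 9 about overlapping group access times can be audited offline before accounts are created. The following is an added example, not part of this guide or the module's software: the group names, user names, and the (days, start, end) policy layout are constructed assumptions, windows are assumed not to cross midnight, and windows that only touch at an endpoint are treated as not overlapping.

```python
from itertools import combinations

WEEK = ("Mo", "Tu", "We", "Th", "Fr", "Sa", "Su")

# Constructed sample data (assumed layout, not a module export format).
GROUPS = {
    "staff-always": {"days": set(WEEK), "start": "00:00", "end": "23:59"},
    "office-hours": {"days": set(WEEK[:5]), "start": "08:00", "end": "17:00"},
    "weekend-crew": {"days": set(WEEK[5:]), "start": "08:00", "end": "17:00"},
    "night-shift": {"days": set(WEEK[:5]), "start": "18:00", "end": "23:00"},
}
USERS = {
    "alice": ["staff-always", "office-hours"],  # overlapping: the case the guide forbids
    "bob": ["office-hours", "weekend-crew"],    # same hours, disjoint days
    "carol": ["office-hours", "night-shift"],   # same days, disjoint hours
}

def minutes(hhmm):
    """Convert 'HH:MM' to minutes after midnight."""
    hours, mins = hhmm.split(":")
    return int(hours) * 60 + int(mins)

def overlap(a, b):
    """Return (shared_days, start_min, end_min) if two policies overlap, else None."""
    days = a["days"] & b["days"]
    start = max(minutes(a["start"]), minutes(b["start"]))
    end = min(minutes(a["end"]), minutes(b["end"]))
    if days and start < end:
        return [d for d in WEEK if d in days], start, end
    return None

def find_conflicts(users, groups):
    """List (user, group1, group2, overlap) for every conflicting group pair."""
    conflicts = []
    for user, assigned in sorted(users.items()):
        for g1, g2 in combinations(sorted(assigned), 2):
            hit = overlap(groups[g1], groups[g2])
            if hit:
                conflicts.append((user, g1, g2, hit))
    return conflicts

if __name__ == "__main__":
    for user, g1, g2, (days, start, end) in find_conflicts(USERS, GROUPS):
        window = f"{start // 60:02d}:{start % 60:02d}-{end // 60:02d}:{end % 60:02d}"
        print(f"{user}: {g1} and {g2} overlap on {','.join(days)} {window}")
```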
To modify an account, select it and click the Edit button. The EDIT screen, which is
similar to the Add screen, is displayed.
In the EDIT screen, you can change the user's password and group assignments.
However, you cannot alter the username or the definition of the account as a normal
or guest account. When you have finished your modifications, click the OK button.
To delete an account, select it in the Network Setup > Local RADIUS Server > Users
screen and click the Delete button. When prompted, click OK to restart the RADIUS
server and apply the change.
Every 24 hours, the Wireless Edge Services zl Module checks the local RADIUS
server database and removes any expired guest accounts.
Using LDAP for the Data Source
The Wireless Edge Services zl Module’s internal RADIUS server can authenticate
users against an LDAP data source. To authenticate successfully, a user must meet
these conditions:
• has an account stored on the directory server
• enters a password that matches the password in this account (or, for TLS, has a valid digital certificate)
• is listed in the directory as a member of a group currently allowed access