WESM zl Management and Configuration Guide WT.01.XX and greater
11-20
RADIUS Server
RADIUS Authentication
■ enters a password that matches the password in this account (or, for TLS,
has a valid digital certificate)
■ is listed in the directory as member of a group currently allowed access
The internal RADIUS server verifies that these conditions are met. To do so,
it must bind to the LDAP server and perform searches, looking up the user’s
account and group memberships and verifying the user’s password. See
“Configuring the Internal RADIUS Server to Bind to an LDAP Server” on
page 11-20.
To determine whether the user’s group is currently allowed access, the server
checks the policy stored for that group on its internal database. See
“Configuring Groups for Use with an LDAP Server” on page 11-24.
Configuring the Internal RADIUS Server to Bind to an LDAP Server.
If you select LDAP as the source for policies and user accounts, you must
enable the Wireless Edge Services zl Module to communicate with your
company’s LDAP server.
The internal RADIUS server performs these functions:
■ It binds to the LDAP server.
To complete the binding, the server submits a distinguished name and
password to the LDAP server. You must specify the name and password
of an account with administrative rights. In addition, you must specify the
base directory in which the administrator account is stored.
■ It searches the LDAP server’s directory to check the user’s credentials and
group memberships.
You must configure filter strings, which the internal RADIUS server uses
to retrieve information from the directory:
• With the user login filter, the internal RADIUS server verifies that the
supplicant has an account and that his or her password matches the
password in that account.
• With the group login filter, the internal RADIUS server checks that the
supplicant is a member of a group that is allowed access.
You must also specify the names of attributes that the RADIUS server
retrieves during these searches, including the password and group
memberships.
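The bind-then-search sequence described above, as an added Python sketch that is not taken from this guide or from the module's firmware. The directory entries, the `{name}` and `{dn}` filter template syntax, the attribute names and the allowed-group set are constructed assumptions. The sketch goes one step beyond the text by escaping the supplicant's name (RFC 4515) before it is placed in a filter, so a name such as `*` is matched literally.

```python
import hmac
import re

# Constructed sample directory (plaintext passwords only to keep it short).
DIRECTORY = [
    {"dn": "cn=radius-bind,dc=example,dc=com", "userPassword": "bind-secret"},
    {"dn": "uid=alice,dc=example,dc=com", "uid": "alice", "userPassword": "pw-a"},
    {"dn": "uid=bob,dc=example,dc=com", "uid": "bob", "userPassword": "pw-b"},
    {"dn": "cn=wlan-staff,dc=example,dc=com", "cn": "wlan-staff",
     "member": ["uid=alice,dc=example,dc=com"]},
    {"dn": "cn=contractors,dc=example,dc=com", "cn": "contractors",
     "member": ["uid=bob,dc=example,dc=com"]},
]
BIND_DN = "cn=radius-bind,dc=example,dc=com"
USER_LOGIN_FILTER = "(uid={name})"     # hypothetical template syntax
GROUP_LOGIN_FILTER = "(member={dn})"   # hypothetical template syntax
ALLOWED_GROUPS = {"wlan-staff"}        # stand-in for the internal group policies

def escape_filter_value(value):
    """RFC 4515 escaping: filter metacharacters become \\XX hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(filter_str):
    """Evaluate one equality filter '(attr=value)' over the sample directory."""
    m = re.fullmatch(r"\((\w+)=((?:[^\\*()]|\\[0-9a-f]{2})*)\)", filter_str)
    if not m:
        raise ValueError("unsupported filter: " + filter_str)
    value = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    def matches(entry):
        held = entry.get(m.group(1), [])
        return value in (held if isinstance(held, list) else [held])
    return [e for e in DIRECTORY if matches(e)]

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(bind_password, name, password):
    admin = next(e for e in DIRECTORY if e["dn"] == BIND_DN)
    if not same(admin["userPassword"], bind_password):        # step 1: bind
        return "bind failed"
    users = search(USER_LOGIN_FILTER.format(name=escape_filter_value(name)))
    if len(users) != 1 or not same(users[0]["userPassword"], password):
        return "reject: credentials"                          # step 2: user login filter
    groups = search(GROUP_LOGIN_FILTER.format(dn=escape_filter_value(users[0]["dn"])))
    if not ALLOWED_GROUPS & {g["cn"] for g in groups}:        # step 3: group login filter
        return "reject: group"
    return "accept"
```
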
To configure LDAP settings, complete these steps:
1. Select Network Setup > Local RADIUS Server and click the
Authentication tab.