User's Guide

AirTight Management Console User Guide

Click Restore Defaults.

3. Click Save to save the changes.

Copy RADIUS Configuration to Another Server

You can copy the RADIUS configuration from one server to another server when both servers are part of

the same server cluster. You can copy RADIUS configuration from child server to child server, parent

server to child server, or child server to parent server. You must be a superuser or an administrator to

copy policies from one server to another.

Note: When a RADIUS configuration is copied to another server, the value of the Locations field in the

replicated policy on the destination server is set to 'root' (location).

To copy RADIUS configuration, do the following.

Go to Configuration>User Accounts>RADIUS Configuration on the parent server.

2. Click Copy Policy. The Copy Policies dialog box appears.

3. Select the server from which the RADIUS configuration is to be copied.

4. Select the server to which the RADIUS configuration is to be copied.

Click OK to copy the RADIUS configuration.

Configure Parameters for Certificate-based authentication

AirTight Management Console supports user authentication using digital certificates. Configure the

settings for user authentication using the Configuration>User Accounts>Certificate Configuration

option.

There are four ways to authenticate users - password only, certificate only, certificate and password and

certificate or password.

Password only: In this option, the user authentication is performed using the password. The user has to

enter the user name and the password at the login prompt. The password may be locally verified by the

system or may be verified using the external LDAP or RADIUS authentication service, as appropriate.

Certificate only: In this option, the user authentication is performed using the client certificate (such as

smart card). The user has to insert a smart card containing the client certificate in a reader attached to the

computer from where the console is accessed and then press the Login button. The system then verifies

the client certificate and obtains user identity (user name) from the certificate. Other attributes for the user

are retrieved either locally or from the external authentication services such as LDAP or RADIUS, as

appropriate. When this authentication option is set, the login screen appears as follows:

Certificate and Password: In this option, both the client certificate and the password are required for the

user authentication. The user has to insert a smart card containing the client certificate in a reader

attached to the computer from where the console is accessed, as well as enter the password at the login

prompt. The system verifies the password locally or using the external LDAP or RADIUS authentication

service, as appropriate. When this authentication option is set, the login screen appears as follows:

Certificate or Password: In this option, the user authentication is permitted either using the password or

using the client certificate. This option is appropriate for organizations which have only partially migrated

to using smart cards for authentication. At login prompt, the user can select certificate authentication by

checking the Use certificate for login box or continue with password authentication by entering login

name and password. When this authentication option is set, the login screen appears as follows: