User's Manual
Chapter 5: User Management
130
To enable your AD server on the KX II-101:
1. Using the KX II-101, create special groups and assign proper
permissions and privileges to these groups. For example, create
groups such as KVM_Admin and KVM_Operator.
2. On your Active Directory server, create new groups with the same
group names as in the previous step.
3. On your AD server, assign the KX II-101 users to the groups created
in step 2.
4. From the KX II-101, enable and configure your AD server properly.
See Implementing LDAP/LDAPS Remote Authentication (on
page 127).
Im
portan
t Notes:
• Group Name is case sensitive.
• The KX II-101 provides the following default groups that cannot been
changed or deleted: Admin and <Unknown>. Verify that your Active
Directory server does not use the same group names.
• If the group information returned from the Active Directory server
does not match a KX II-101 group configuration, the KX II-101
automatically assigns the group of <Unknown> to users who
authenticate successfully.
Implementing RADIUS Remote Authentication
Remote Authentication Dial-in User Service (RADIUS) is an AAA
(authentication, authorization, and accounting) protocol for network
access applications.
To use the RADIUS authentication protocol:
1. Click User Management > Authentication Settings to open the
Authentication Settings page.
2. Click elect the RADIUS radio button to enable the RADIUS section of
the page.
3. Click the
icon to expand the RADIUS section of the page.
4. In the Primary Radius Server and Secondary Radius Server fields,
type the IP address of your primary and optional secondary remote
authentication servers, respectively (up to 37 characters).
5. In the Shared Secret fields, type the server secret used for
authentication (up to 37 characters).
The shared secret is a character string that must be known by both
the KX II-101 and the RADIUS server to allow them to communicate
securely. It is essentially a password.