The Auth servers section lets you configure LDAP connectors and RADIUS, TACACS+, NTLM and SAML IDP servers. Auth servers are configured at the users auth-servers level; each server type is covered in its own subsection below.
To reset a user's authorization (terminate that user's session) by IP address, use the following command:
Admin@UGOS# set settings usersession terminate <ip>
12.8.3.1. Configuring LDAP connectors
You configure LDAP connectors at the users auth-servers ldap level.
To create an LDAP connector, use the following command:
Admin@UGOS# create users auth-servers ldap
Provide the following parameters:

| Parameter | Description |
|---|---|
| name | LDAP connector name. |
| enabled | Enable/disable the auth server. |
| description | LDAP connector description. |
| ssl | Use SSL/TLS for the connection to the controller. Values: |
| address | Controller IP address or the LDAP domain name. |
| bind-dn | User name used to connect to the server. Format: DOMAIN\username or username@domain. The account must exist in the domain. |
| password | The password of that account, used to connect to the domain. |
| domains | List of domains served by the domain controller. |
| search-roots | The list of LDAP server paths relative to which the system searches for users and groups. Specify the full name, e.g. ou=Office,dc=example,dc=com. If no search paths are specified, the system searches the entire directory, starting from the root. |

Without ssl, the bind-dn password is sent to the controller in cleartext with every bind, so enable it wherever the controller supports it. The bind account only needs read access to the search-roots; use a dedicated low-privilege account rather than an administrator, and keep search-roots as narrow as the set of users and groups you actually need.
To update information about an existing LDAP connector, use the following command:
Admin@UGOS# set users auth-servers ldap <ldap-server-name>
The parameters available to update are the same as those for creating an LDAP connector.
To delete an LDAP connector, use the following command:
Admin@UGOS# delete users auth-servers ldap <ldap-server-name>
You can also delete individual parameters of an LDAP connector. You can delete the following parameters:
- domains
- search-roots
To display information on an LDAP connector, use the following command:
Admin@UGOS# show users auth-servers ldap <ldap-server-name>
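The two parameters that most often go wrong in an LDAP connector are bind-dn (which must be in one of the two documented spellings) and search-roots (an empty list silently widens lookups to the whole directory). The following added example, which is not part of this page or of UserGate's code, checks a connector's parameters before you commit them and shows how search-roots scope a directory entry: a DN is in scope when one of the roots is a suffix of it, compared case-insensitively as Active Directory does. The parameter names follow the table above; the check_connector function and its findings are this example's own.

```python
import re

# Accepted bind-dn spellings from the parameter table: DOMAIN\username or username@domain.
_DOWNLEVEL = re.compile(r"^(?P<domain>[A-Za-z0-9][A-Za-z0-9.-]*)\\(?P<user>[^\\@\s]+)$")
_UPN = re.compile(r"^(?P<user>[^\\@\s]+)@(?P<domain>[A-Za-z0-9][A-Za-z0-9.-]*)$")


def parse_bind_dn(bind_dn: str):
    """Return (user, domain) for either accepted format, or None if it matches neither."""
    m = _DOWNLEVEL.match(bind_dn) or _UPN.match(bind_dn)
    if m is None:
        return None
    return m.group("user"), m.group("domain").lower()


def _split_unescaped(dn: str, sep: str = ",") -> list:
    """Split on sep, keeping backslash-escaped separators (cn=Smith\\, John) intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escape pair as-is
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_dn(dn: str) -> list:
    """Normalise a DN such as ou=Office,dc=example,dc=com into [(type, value), ...].
    Types and values are lower-cased: Active Directory compares DNs case-insensitively."""
    rdns = []
    for part in _split_unescaped(dn):
        if "=" not in part:
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    if not rdns:
        raise ValueError("empty DN")
    return rdns


def dn_under_root(entry_dn: str, root_dn: str) -> bool:
    """True if entry_dn is root_dn itself or lies anywhere below it."""
    entry, root = parse_dn(entry_dn), parse_dn(root_dn)
    return len(entry) >= len(root) and entry[len(entry) - len(root):] == root


def in_search_scope(entry_dn: str, search_roots: list) -> bool:
    """Mirror the documented behaviour: an empty search-roots list means the whole directory."""
    if not search_roots:
        return True
    return any(dn_under_root(entry_dn, root) for root in search_roots)


def check_connector(params: dict) -> list:
    """Flag settings of an LDAP connector (keys as in the parameter table) worth a second look."""
    findings = []
    if not params.get("ssl"):
        findings.append("ssl is off: the bind-dn password is sent to the controller in cleartext")
    if parse_bind_dn(params.get("bind-dn", "")) is None:
        findings.append("bind-dn is not in DOMAIN\\username or username@domain form")
    if not params.get("search-roots"):
        findings.append("search-roots is empty: lookups cover the entire directory from the root")
    return findings
```

Run check_connector on the parameters you intend to pass to create users auth-servers ldap; an empty list means nothing obvious is wrong. The DN splitter honours backslash escapes so a value such as cn=Smith\, John is not cut in two, but it does not handle the hex-escape or quoted forms of RFC 4514, which are rare in Active Directory DNs.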
12.8.3.2. Configuring RADIUS servers
You configure RADIUS servers at the users auth-servers radius level.
To create a RADIUS auth server, use the following command:
Admin@UGOS# create users auth-servers radius
Provide the following parameters:

| Parameter | Description |
|---|---|
| name | The RADIUS server name. |
| enabled | Enable/disable the auth server. |
| description | Auth server description. |
| secret | Pre-shared key used by the RADIUS protocol for authentication. |
| addresses | IP address and the UDP port on which the RADIUS server listens for requests (default port: 1812). Format: <ip:port>. |
To update information about a RADIUS server, use the following command:
Admin@UGOS# set users auth-servers radius <radius-server-name>
The parameters you can update are the same as those used to create an auth server.
To delete a server, use the following command:
Admin@UGOS# delete users auth-servers radius <radius-server-name>
You can also delete individual parameters of a RADIUS server. You can delete the following parameters:
- addresses
To display information about a RADIUS server, use the following command:
Admin@UGOS# show users auth-servers radius <radius-server-name>
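The secret configured above is the only key material in classic RADIUS: it hides the User-Password attribute in the Access-Request and authenticates the server's Access-Accept or Access-Reject, both through MD5 as specified in RFC 2865. The following added example, not taken from this page or from UserGate, builds and parses those two messages so you can see exactly what the secret protects, and parses the <ip:port> form of the addresses parameter with its documented default of 1812. The attribute numbers and the hiding algorithm are from RFC 2865; the function names, the sample username and password and the fixed Request Authenticator used in the test are this example's own.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
HEADER = struct.Struct("!BBH")          # Code, Identifier, Length; the 16-byte Authenticator follows


def parse_radius_address(value: str, default_port: int = 1812):
    """Parse the <ip:port> form used by the addresses parameter; the port defaults to 1812.
    IPv6 literals must be bracketed ([2001:db8::1]:1812) so the port is unambiguous."""
    host, port = value, default_port
    if value.startswith("["):
        host, _, rest = value[1:].partition("]")
        if rest.startswith(":"):
            port = int(rest[1:])
    elif value.count(":") == 1:
        host, p = value.split(":")
        port = int(p)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {value!r}")
    return str(ipaddress.ip_address(host)), port


def _password_stream(secret: bytes, authenticator: bytes, data: bytes, hiding: bool) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: each 16-byte block is XORed with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        cipher = bytes(x ^ y for x, y in zip(block, pad))
        out += cipher
        prev = cipher if hiding else block   # chaining always uses the ciphertext block
    return bytes(out)


def hide_password(password: str, secret: bytes, authenticator: bytes) -> bytes:
    raw = password.encode()
    if not 0 < len(raw) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    raw += b"\0" * (-len(raw) % 16)        # NUL-pad to a multiple of 16
    return _password_stream(secret, authenticator, raw, hiding=True)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> str:
    plain = _password_stream(secret, authenticator, hidden, hiding=False)
    return plain.rstrip(b"\0").decode("utf-8", "replace")


def _attr(kind: int, value: bytes) -> bytes:
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", kind, len(value) + 2) + value


def build_access_request(ident, username, password, secret, nas_ip, authenticator=None) -> bytes:
    """Access-Request as a NAS (here, the firewall) would send it; the Request Authenticator
    must be fresh and unpredictable because it seeds the password hiding."""
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(USER_NAME, username.encode())
             + _attr(USER_PASSWORD, hide_password(password, secret, authenticator))
             + _attr(NAS_IP_ADDRESS, ipaddress.ip_address(nas_ip).packed))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_access_request(packet: bytes, secret: bytes):
    """Server side: return (identifier, username, password) from an Access-Request."""
    code, ident, length = HEADER.unpack(packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, rest, fields = packet[4:20], packet[20:], {}
    while rest:
        kind, alen = rest[0], rest[1]
        if alen < 2 or alen > len(rest):
            raise ValueError("bad attribute length")
        fields[kind] = rest[2:alen]
        rest = rest[alen:]
    username = fields[USER_NAME].decode()
    password = reveal_password(fields[USER_PASSWORD], secret, authenticator)
    return ident, username, password


def build_response(code, ident, request_authenticator, secret, attrs=b"") -> bytes:
    """Access-Accept/Reject: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    head = HEADER.pack(code, ident, 20 + len(attrs))
    auth = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return head + auth + attrs


def verify_response(packet, request_authenticator, secret) -> bool:
    """NAS side: accept a reply only if its authenticator was computed with our secret
    over our Request Authenticator. A forged or altered reply fails here."""
    if len(packet) < 20:
        return False
    head, auth, attrs = packet[:4], packet[4:20], packet[20:]
    if HEADER.unpack(head)[2] != len(packet):
        return False
    expected = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return hmac.compare_digest(expected, auth)
```

Two practical consequences follow from the code. The password hiding is a keystream derived from MD5(secret, authenticator), so anyone who knows or guesses the secret and captures the UDP exchange recovers the password; choose a long random secret per client and do not reuse one across firewalls. The reply is accepted on the strength of a 16-byte MD5 digest keyed by that same secret, so RADIUS traffic should stay on a management network or inside a tunnel rather than cross untrusted segments.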
12.8.3.3. Configuring a TACACS+ server
You configure a TACACS+ server at the users auth-servers tacacs level.
To create a TACACS+ auth server, use the following command:
Admin@UGOS# create users auth-servers tacacs
Provide the following parameters:

| Parameter | Description |
|---|---|
| name | TACACS+ server name. |
| enabled | Enable/disable the auth server. |
| description | Auth server description. |
| secret | Pre-shared key used by the TACACS+ protocol for authentication. |
| address | The IP address of the TACACS+ server. |
| port | The TCP port on which the TACACS+ server listens for authentication requests. By default, TCP port 49 is used. |
| single-connection | Use a single TCP connection for communicating with the TACACS+ server. |
| timeout | The authentication timeout for the TACACS+ server. The default is 4 seconds. |

Unlike RADIUS, TACACS+ runs over TCP (port 49 by default), which is why single-connection is an option. The secret also keys the MD5-derived pad that obfuscates TACACS+ packet bodies, so a weak or widely shared secret exposes every credential that crosses the link.
To update information about a TACACS+ server, use the following command:
Admin@UGOS# set users auth-servers tacacs <tacacs-server-name>
The parameters you can update are the same as those used to create an auth server.
To delete a server, use the following command:
Admin@UGOS# delete users auth-servers tacacs <tacacs-server-name>
To display information about a TACACS+ server, use the following command:
Admin@UGOS# show users auth-servers tacacs <tacacs-server-name>
12.8.3.4. Configuring NTLM servers
You configure NTLM servers at the users auth-servers ntlm level.
To create an NTLM auth server, use the following command:
Admin@UGOS# create users auth-servers ntlm
Provide the following parameters:

| Parameter | Description |
|---|---|
| name | The NTLM server name. |
| enabled | Enable/disable the auth server. |
| description | Auth server description. |
| win-domain | Windows domain name. |
To update information about an NTLM server, use the following command:
Admin@UGOS# set users auth-servers ntlm <ntlm-server-name>
The parameters you can update are the same as those used to create an auth server.
To delete a server, use the following command:
Admin@UGOS# delete users auth-servers ntlm <ntlm-server-name>
To display information about an NTLM server, use the following command:
Admin@UGOS# show users auth-servers ntlm <ntlm-server-name>
12.8.3.5. Configuring a SAML IDP server
You configure a SAML IDP server at the users auth-servers saml-idp level.
To create a SAML IDP auth server, use the following command:
Admin@UGOS# create users auth-servers saml-idp
Provide the following parameters:

| Parameter | Description |
|---|---|
| name | SAML IDP server name. |
| enabled | Enable/disable the auth server. |
| description | Auth server description. |
| metadata-url | The URL on the SAML IDP server from which an XML metadata file with a valid configuration for this SAML service provider (client) can be downloaded. |
| certificate | The certificate that will be used on the SAML client. |
| sso-url | The URL used on the SAML IDP server as the single sign-on (SSO) endpoint. For details, see the documentation for your SAML IDP server. |
| sso-binding | The binding used with the SSO endpoint. Options: POST and Redirect. For details, see the documentation for your SAML IDP server. |
| slo-url | The URL used on the SAML IDP server as the single logout (SLO) endpoint. For details, see the documentation for your SAML IDP server. |
| slo-binding | The binding used with the SLO endpoint. Options: POST and Redirect. For details, see the documentation for your SAML IDP server. |
To update information about a SAML IDP server, use the following command:
Admin@UGOS# set users auth-servers saml-idp <saml-idp-server-name>
The parameters you can update are the same as those used to create an auth server.
To delete a server, use the following command:
Admin@UGOS# delete users auth-servers saml-idp <saml-idp-server-name>
To display information about a SAML IDP server, use the following command:
Admin@UGOS# show users auth-servers saml-idp <saml-idp-server-name>
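The metadata-url parameter points at a SAML 2.0 EntityDescriptor; sso-url, sso-binding, slo-url and slo-binding are the values you would otherwise copy out of it by hand. The following added example, which is not part of this page or of UserGate, parses a constructed IdP metadata document and derives those four values, mapping the HTTP-POST and HTTP-Redirect binding URNs onto the POST and Redirect options named in the table (that mapping is this example's assumption). It also extracts the IdP's signing certificate, which is what the firewall needs to verify assertions; note that the page's certificate parameter refers to the client (service provider) side and is a different object. The sample metadata, its hostnames and its certificate value are constructed for the example.

```python
import base64
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# SAML 2.0 binding URNs mapped onto the option names used by sso-binding/slo-binding (assumed mapping)
BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "Redirect",
}

# Constructed sample; the certificate is base64 of a placeholder string, not a real X.509 blob.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {SAMPLE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.com/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _endpoints(idp, tag):
    """{option name: Location} for every element of the given tag with a binding we support."""
    found = {}
    for el in idp.findall(MD + tag):
        name = BINDINGS.get(el.get("Binding", ""))
        if name and el.get("Location"):
            found[name] = el.get("Location")
    return found


def _pick(endpoints, prefer):
    if prefer in endpoints:
        return endpoints[prefer], prefer
    for name in ("POST", "Redirect"):          # fall back to whatever the IdP offers
        if name in endpoints:
            return endpoints[name], name
    return None, None


def idp_settings_from_metadata(xml_text, prefer="POST"):
    """Derive the manual parameters (sso-url, sso-binding, slo-url, slo-binding) from IdP
    metadata. Parses with the stdlib; use defusedxml for metadata fetched from an untrusted source."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (is this SP metadata?)")
    sso_url, sso_binding = _pick(_endpoints(idp, "SingleSignOnService"), prefer)
    slo_url, slo_binding = _pick(_endpoints(idp, "SingleLogoutService"), prefer)
    certs = []
    for kd in idp.findall(MD + "KeyDescriptor"):
        if kd.get("use") in (None, "signing"):        # no 'use' means signing and encryption
            text = kd.findtext(".//" + DS + "X509Certificate") or ""
            certs.append("".join(text.split()))       # strip line wrapping
    return {
        "entity-id": root.get("entityID"),
        "sso-url": sso_url, "sso-binding": sso_binding,
        "slo-url": slo_url, "slo-binding": slo_binding,
        "idp-signing-certificates": certs,
    }


def find_issues(settings):
    """Checks worth running before saving the settings on the firewall."""
    issues = []
    for key in ("sso-url", "slo-url"):
        url = settings.get(key)
        if url and not url.startswith("https://"):
            issues.append(f"{key} is not https: {url}")
    if not settings.get("sso-url"):
        issues.append("IdP offers no SingleSignOnService with a POST or Redirect binding")
    if not settings.get("idp-signing-certificates"):
        issues.append("no IdP signing certificate: assertion signatures cannot be verified")
    return issues
```

Fetch the document behind metadata-url over HTTPS and feed it to idp_settings_from_metadata; the result maps directly onto the sso-url, sso-binding, slo-url and slo-binding parameters, and find_issues catches the two misconfigurations that matter most: endpoints served over plain http, which let an on-path attacker read or replace the SAML response, and metadata without a signing certificate, which leaves assertions unverifiable.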