LDAP Authentication (XMC)

LDAP authentication uses a backend Active Directory server or LDAP server
defined in your AAA Configuration to authenticate users. Additionally, some
protocols also require RADIUS server and client certificates to be used in
conjunction with LDAP authentication.

Active Directory

Supported Protocols: PAP, MsCHAP, PEAP, EAP-MsCHAPV2, and EAP-TTLS
with tunneled PAP.

PAP or EAP-TTLS with tunneled PAP protocols

During the authentication process, the Access Control engine sends an LDAP
bind request to the Active Directory domain controller using the password
retrieved from the end user’s authentication request. Therefore, the LDAP
protocol must be allowed between the Access Control engine and the Active
Directory domain controller for the authentication process to take place.

MsCHAP, PEAP, and EAP-MsCHAPv2 protocols

These three protocols work with Active Directory (and not other LDAP servers)
because they use NT Hash for password encryption, which is the same
password hash type used by the Microsoft Active Directory domain controller.

Local Authentication

Local authentication uses a local password repository defined in your AAA
Configuration to authenticate users. Additionally, some protocols also require
RADIUS server and client certificates to be used in conjunction with local
authentication.

When you add or edit a user in your local password repository, you can specify
the password hash type used to encrypt the user’s password in the Extreme
Management Center and NAC Manager databases.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s