This topic provides information about configuring an Authentication, Authorization, and Accounting (AAA) server. A AAA server is an optional, customer-provided server that can be used to authenticate administration accounts (logins) on the MSS.
An administrator using the sa login, or an administration account that is allowed to access the Configure Authentication, Authorization, and Accounting (AAA) Server page, can configure a AAA server. You can configure one or two Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), or Active Directory servers. Only one type of AAA server (RADIUS, LDAP, or Active Directory) can be enabled.
Administration accounts on the MSS that will be authenticated by a RADIUS AAA server must be defined both on the MSS and on the AAA server. For a RADIUS AAA server, the passwords of administration accounts on the MSS must be changed on the AAA server. For an LDAP or Active Directory AAA server, the passwords of administration accounts on the MSS can be changed from the MSS, if the AAA server allows it. For information about changing passwords, see Managing administration accounts on the MSS. For all types of AAA servers, it may take one hour or more for a password change to take effect, so do not rely on a password change alone when access must be revoked immediately.
To use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt the information sent to and from a AAA server, you must, in addition to configuring the server to use TLS or SSL (see the LDAP and Active Directory configuration procedures below), install a security certificate on the MSS and on the AAA server. This option applies to the LDAP and Active Directory server types; RADIUS traffic is protected only by the shared secret (see the RADIUS procedure). For more information, see Managing security certificates.
To configure a RADIUS server:
- On the Configure Authentication, Authorization, and Accounting (AAA) Server page, click the RADIUS radio button.
- In the Server Name field, enter the Fully Qualified Domain Name, an alias, or the IP address of the AAA server.
- The default port number for a RADIUS server is 1812 (UDP). To use a different port number, in the Alternate Port field, enter the port number you want to use.
- In the Shared Secret field, enter the shared secret that the MSS and the AAA server use to protect the login credentials passed to the AAA server for authentication. RADIUS uses this secret to hide the User-Password attribute in the request and to authenticate the server's reply; it is the only protection the credential has on the wire, so use a long, random value and do not reuse a secret that another RADIUS client already uses.
Note: The shared secret you enter in this field must match the shared secret administered on the AAA server. If the two differ, the AAA server cannot recover the password and its replies cannot be verified, so every login fails as if the password were wrong. Check the secret first when all RADIUS logins are rejected.
For more information, click the field names or Help.
- Click Save.
To configure an LDAP server that complies with RFC 2307 (POSIX):
- On the Configure Authentication, Authorization, and Accounting (AAA) Server page, click the LDAP (POSIX) radio button.
- In the Server Name field, enter the Fully Qualified Domain Name, an alias, or the IP address of the AAA server.
- The default port number for an LDAP server is 389. To use a different port number, in the Alternate Port field, enter the port number you want to use.
- In the Base DN field, enter the LDAP base Distinguished Name (DN).
Note: This is the base DN of the LDAP directory on the AAA server where user login credentials are stored. This LDAP directory will be used to authenticate user logon requests.
- To use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt the information sent to and from the AAA server, select (check) the Use TLS/SSL checkbox. Without it, the Bind DN password and the credentials of every administrator who logs in cross the network in clear text, so enable it whenever the AAA server supports it.
- To specify a Bind DN (also called a User DN), complete the Bind DN, Password, and Confirm Password fields. Use a dedicated, least-privilege directory account for this purpose rather than a directory administrator account. If you do not specify a Bind DN and password, an anonymous bind will be used to connect to the AAA server, which works only if the directory permits anonymous searches under the Base DN.
For more information, click the field names or Help.
- Click Save.
To configure an Active Directory server running Services for UNIX (SFU):
Note: Group names administered in Active Directory for use by Services for UNIX must not contain spaces.
- On the Configure Authentication, Authorization, and Accounting (AAA) Server page, click the ACTIVE DIRECTORY (SFU) radio button.
- In the Server Name field, enter the Fully Qualified Domain Name, an alias, or the IP address of the AAA server.
- The default port number for an LDAP server is 389. To use a different port number, in the Alternate Port field, enter the port number you want to use.
- In the Base DN field, enter the LDAP base Distinguished Name (DN).
Note: This is the base DN of the LDAP directory on the AAA server where user login credentials are stored. This LDAP directory will be used to authenticate user logon requests.
- To use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt the information sent to and from the AAA Server, select (check) the Use TLS/SSL checkbox. Without it, the Bind DN password and the credentials of every administrator who logs in cross the network in clear text; Active Directory can also be configured to refuse simple binds that are not TLS-protected.
- To specify a Bind DN (also called a User DN), complete the Bind DN, Password, and Confirm Password fields. Use a dedicated, least-privilege domain account for this purpose rather than a domain administrator account. If you do not specify a Bind DN and password, an anonymous bind will be used to connect to the AAA server; by default Active Directory does not allow anonymous searches of user objects, so a Bind DN is normally required.
For more information, click the field names or Help.
- Click Save.
To configure an Active Directory server running Identity Management for UNIX (IDMU):
- On the Configure Authentication, Authorization, and Accounting (AAA) Server page, click the ACTIVE DIRECTORY (IDMU) radio button.
- In the Server Name field, enter the Fully Qualified Domain Name, an alias, or the IP address of the AAA server.
- The default port number for an LDAP server is 389. To use a different port number, in the Alternate Port field, enter the port number you want to use.
- In the Base DN field, enter the LDAP base Distinguished Name (DN).
Note: This is the base DN of the LDAP directory on the AAA server where user login credentials are stored. This LDAP directory will be used to authenticate user logon requests.
- To use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt the information sent to and from the AAA Server, select (check) the Use TLS/SSL checkbox. Without it, the Bind DN password and the credentials of every administrator who logs in cross the network in clear text; Active Directory can also be configured to refuse simple binds that are not TLS-protected.
- To specify a Bind DN (also called a User DN), complete the Bind DN, Password, and Confirm Password fields. Use a dedicated, least-privilege domain account for this purpose rather than a domain administrator account. If you do not specify a Bind DN and password, an anonymous bind will be used to connect to the AAA server; by default Active Directory does not allow anonymous searches of user objects, so a Bind DN is normally required.
For more information, click the field names or Help.
- Click Save.
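The LDAP (POSIX), Active Directory (SFU) and Active Directory (IDMU) procedures above all end in the same act: the MSS connects to the server on the configured port, optionally under TLS, and performs an LDAPv3 simple bind with the Bind DN and password (an anonymous bind if both are blank). The following Python script is an added example, not code from the MSS or from this page, that performs that same bind from an administrator workstation so that a wrong Bind DN, password, port or server certificate shows up before you click Save. It encodes the two LDAP messages by hand with the standard library, so it needs no LDAP client package. Assumptions: use_tls means TLS from the first byte (LDAPS, normally port 636), because this page does not say whether the MSS uses LDAPS or StartTLS; the hostnames, ports and DNs in the usage note are constructed.

```python
"""LDAPv3 simple bind, as the MSS performs it with the Base DN / Bind DN settings.
Stdlib only: the messages involved are BER-encoded by hand."""
import socket
import ssl

# Result codes met most often while setting up a bind (RFC 4511, appendix A)
RESULT_CODES = {0: "success", 8: "strongerAuthRequired (no simple bind without TLS/signing)",
                32: "noSuchObject (check the Bind DN)", 34: "invalidDNSyntax",
                49: "invalidCredentials (wrong Bind DN or password)", 53: "unwillingToPerform"}

class Incomplete(Exception):
    """The buffer does not yet hold a whole BER element."""

def ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 is added when the top bit is set."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def ber_read(buf: bytes, i: int = 0):
    """Return (tag, value, offset_after) for the element starting at buf[i]."""
    if len(buf) < i + 2:
        raise Incomplete
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:
        n = length & 0x7F
        if len(buf) < i + n:
            raise Incomplete
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    if len(buf) < i + length:
        raise Incomplete
    return tag, buf[i:i + length], i + length

def bind_request(msg_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    Empty DN and password = anonymous bind, which is what a blank Bind DN field produces."""
    body = ber_int(3) + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, body))

def unbind_request(msg_id: int) -> bytes:
    return tlv(0x30, ber_int(msg_id) + b"\x42\x00")  # UnbindRequest [APPLICATION 2] NULL

def build_bind_response(msg_id: int, code: int, diag: str = "") -> bytes:
    """Constructed server reply (BindResponse [APPLICATION 1]) for offline testing."""
    result = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(0x30, ber_int(msg_id) + tlv(0x61, result))

def parse_bind_response(buf: bytes):
    """Return (messageID, resultCode, diagnosticMessage); raises Incomplete on a partial read."""
    tag, msg, _ = ber_read(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, i = ber_read(msg)
    tag, op, _ = ber_read(msg, i)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, code, i = ber_read(op)          # resultCode ENUMERATED
    _, _matched, i = ber_read(op, i)   # matchedDN
    _, diag, _ = ber_read(op, i)       # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def preflight_bind(host: str, port: int, bind_dn: str, password: str,
                   use_tls: bool, timeout: float = 5.0) -> str:
    """Bind to host:port the way the MSS will and return "<code> <meaning>[: <diagnostic>]".
    use_tls means TLS from the first byte (LDAPS, usually port 636); StartTLS on 389 is
    not attempted here. Without TLS the Bind DN password crosses the network in clear."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl.create_default_context()  # checks the certificate chain and hostname
        sock = ctx.wrap_socket(sock, server_hostname=host)
    try:
        sock.sendall(bind_request(1, bind_dn, password))
        data = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("connection closed before a BindResponse arrived")
            data += chunk
            try:
                _, code, diag = parse_bind_response(data)
                break
            except Incomplete:
                continue
        sock.sendall(unbind_request(2))
    finally:
        sock.close()
    return "%d %s%s" % (code, RESULT_CODES.get(code, "see RFC 4511"), ": " + diag if diag else "")
```

Usage (constructed values): preflight_bind("ad1.example.com", 636, "cn=mss-svc,ou=Service Accounts,dc=example,dc=com", "bind-password", use_tls=True) returns "0 success" when the Bind DN and password are right, "49 invalidCredentials ..." when they are not, and raises ssl.SSLCertVerificationError when the server certificate is not trusted by the workstation, which is the same trust problem the MSS will have until the certificate described under Managing security certificates is installed. Active Directory also accepts the account's userPrincipalName (user@domain) in place of a DN for a simple bind. Calling the function with bind_dn="" and password="" reproduces the anonymous bind that a blank Bind DN field produces; a success there says nothing about whether the directory will let that anonymous session search for user entries.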
To disable all configured AAA servers, on the Configure Authentication, Authorization, and Accounting (AAA) Server page, click the NONE radio button. Any configured servers are disabled, but their configuration information is retained, so that you can re-enable a server later without re-entering its settings.