Internet Access Management: External Server Authentication

This document discusses configuring external server authentication in Sangfor IAM. There are three main types of external servers supported: LDAP, RADIUS, and POP3. The configuration process involves selecting the server type, setting communication parameters, and configuring an authentication policy to use the external server for authentication. An example configuration is provided for connecting to a Microsoft LDAP server for user authentication. Key steps include adding an LDAP user group, configuring the LDAP server settings, and enabling automatic user synchronization from the LDAP server OU.

Uploaded by nazri prop

Internet Access Management
External Server Authentication

Sangfor Technologies
www.sangfor.com

Training Topics and Training Objectives
Basic Introduction: Understand the three supported types of external authentication server.
Authentication Procedure: Understand the authentication procedure.
Configuration: Know how to configure authentication with an LDAP server, and understand the configuration of other servers.

SANGFOR IAM
Basic Introduction
Authentication Procedure
Configuration Examples
Practice

Basic Introduction
External authentication (third-party authentication) means that account information is stored on a third-party authentication server. When IAM receives authentication information from a client, it forwards that information to the third-party server. The third-party server returns the result, and IAM decides whether the client passes authentication based on this result.

Third-party authentication technology:
LDAP Auth: Microsoft AD, Open LDAP, Sun LDAP, IBM LDAP, Lotus LDAP, Novell LDAP, other LDAP
RADIUS Auth
POP3 Auth

Microsoft AD is the mainstream authentication solution.

Authentication Procedure
1. The client sends authentication information to IAM.

2. IAM confirms the authentication type and forwards the information to the third-party authentication server.

3. The third-party server verifies the information and returns the result.

4. IAM confirms whether the client passes or not.

5. The client can connect to the Internet.

Detailed Procedure
[Flowchart; box labels recovered from the slide: Client data; Match the authentication policy based on client IP or MAC; Password authentication: redirect to authentication page; Fill in user name and password; The user name is already stored by IAM (Y/N); IAM local authentication succeeded or failed (the user and password are stored by IAM); IAM forwards authentication information to the third-party server; Authentication policy allows adding new users automatically (Y/N); Add new user and authentication succeeded; Authentication succeeded; Authentication failed.]

User Requirement
The essential conditions
External Server Configuration
1. Select the type of third-party authentication server: LDAP, RADIUS or POP3.

2. Set up the communication parameters: IP, port, timeout.

Configuration Instance
Background:

A company has a Microsoft LDAP server with the domain name sangfor.local; the server IP is 192.200.17.189.

Requirement: synchronize all user and container information under the OU "train". Users need to use their LDAP username and password to access the Internet. New LDAP users can pass IAM authentication.

Configuration Instance
Configuration setup:

1. Add a new user group for the LDAP users.

2. Add a third-party authentication server and set up the server information.

3. Set up automatic synchronization, synchronizing all users and containers under the OU "train".

4. Add a new authentication policy.


Step 1
Add a new group named "LDAP"
Step 2
Add a new third-party authentication server and set up the server information
Step 3
Add a new policy
Notes
1. IAM 11.0 does not require the user list to be synchronized from the external authentication server to the local IAM machine. Instead, IAM only "shows" the user list.

2. The network administrator can search for a specific user in the external authentication server by using the user attribute in IAM.

FAQ

The same user name "test" exists in the third-party authentication server and in the IAM local database at the same time. How does the authentication process work?

The local user has the higher priority, so IAM matches the local database first; if authentication fails, the process is over.

The same user name "test" exists in many third-party authentication servers. How does the authentication process work?

IAM sends the username and password to all third-party authentication servers at the same time; if any one of the servers reports that the username/password is OK, authentication succeeds.

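The two FAQ rules above, modelled as an added example (not Sangfor's code and not part of the original slides). The `Backend` class, the `authenticate` function and all accounts are constructed for illustration; a real deployment would query LDAP, RADIUS or POP3 servers instead of in-memory dictionaries.

```python
import hmac
from concurrent.futures import ThreadPoolExecutor


class Backend:
    """Constructed stand-in for a credential store (local DB, LDAP, RADIUS, POP3)."""

    def __init__(self, name, accounts):
        self.name = name
        self._accounts = accounts  # constructed sample data: {username: password}

    def has_user(self, username):
        return username in self._accounts

    def verify(self, username, password):
        stored = self._accounts.get(username)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())


def authenticate(username, password, local_db, external_servers):
    """Return (passed, decided_by) following the order described in the FAQ."""
    # Rule 1: a local account has priority and its result is final,
    # even if an external server would accept the same user name.
    if local_db.has_user(username):
        return local_db.verify(username, password), local_db.name
    if not external_servers:
        return False, None
    # Rule 2: ask every external server at the same time; any accept wins.
    with ThreadPoolExecutor(max_workers=len(external_servers)) as pool:
        results = list(pool.map(
            lambda server: server.verify(username, password), external_servers))
    accepted = [s.name for s, ok in zip(external_servers, results) if ok]
    return (True, accepted[0]) if accepted else (False, None)


# Constructed accounts: "test" exists locally and on LDAP, "alice" on two servers.
LOCAL = Backend("local", {"test": "local-pass"})
LDAP = Backend("ldap", {"test": "ldap-pass", "alice": "alice-ldap"})
RADIUS = Backend("radius", {"alice": "alice-radius"})
```

Under rule 2 a user name that exists on several servers is accepted with any of those servers' passwords, so the effective password policy for that user is the weakest one among the configured servers.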
www.sangfor.com

Sangfor Technologies (Headquarters)


Block A1, Nanshan iPark, No.1001
Xueyuan Road, Nanshan District,
Shenzhen, Guangdong Province,
P. R. China (518055)
