Version 7.2 229 Mediant 1000B Gateway & E-SBC
User's Manual 15. Services
15.2.6.3 Securing RADIUS Communication
RADIUS authentication requires HTTP basic authentication (according to RFC 2617).
However, this is insecure as the usernames and passwords are transmitted in clear text
over plain HTTP. Thus, as digest authentication is not supported with RADIUS, it is
recommended that you use HTTPS with RADIUS so that the usernames and passwords
are encrypted. To enable the device to use HTTPS, configure the 'Secured Web
Connection (HTTPS)' parameter to HTTPS Only (see ''Configuring Secured (HTTPS)
Web'' on page 72).
15.2.6.4 RADIUS-based User Authentication in URL
RADIUS authentication of the management user is typically done after the user accesses
the Web interface by entering only the device's IP address in the Web browser's URL field
(for example, http://10.13.4.12/) and then entering the username and password credentials
in the Web interface's login screen. However, authentication with the RADIUS server can
also be done immediately after the user enters the URL, if the URL also contains the login
credentials. For example:
http://10.4.4.112/Forms/RadiusAuthentication?WSBackUserName=John&WSBackPasswor
d=1234
Note: This feature allows up to five simultaneous users only.
15.2.7 RADIUS-based CDR Accounting
Once you have configured a RADIUS server(s) for accounting in ''Configuring RADIUS
Servers'' on page 222, you need to enable and configure RADIUS-based CDR accounting
(see ''Configuring RADIUS Accounting'' on page 871).
15.3 LDAP-based Management and SIP Services
The device supports the Lightweight Directory Access Protocol (LDAP) application protocol
and can operate with third-party, LDAP-compliant servers such as Microsoft Active
Directory (AD).
You can use LDAP for the following LDAP services:
SIP-related (Control) LDAP Queries: LDAP can be used for routing and
manipulation (e.g., calling name and destination address).
The device connects and binds to the remote LDAP server (IP address or
DNS/FQDN) during the service’s initialization (at device start-up) or whenever you
change the LDAP server's IP address and port. Binding to the LDAP server is based
on username and password (Bind DN and Password). Service makes 10 attempts to
connect and bind to the remote LDAP server, with a timeout of 20 seconds between
attempts. If connection fails, the service remains in disconnected state until the LDAP
server's IP address or port is changed. If connection to the LDAP server later fails, the
service attempts to reconnect.
For the device to run a search, the path to the directory’s subtree, known as the
distinguished name (DN), where the search is to be done must be configured (see
''Configuring LDAP DNs (Base Paths) per LDAP Server'' on page 237). The search
To Next Page
Loading...
Need help?
General
