Hide Navigation Pane
Show Navigation Pane
Download
SHA1
Creating an Authentication Realm (NSM Procedure)
To create an authentication realm:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the Infranet Controller device for which you want to create an authentication realm.
- Click the Configuration tab. In the configuration tree, select Administrators > Admin Realms or Users > User Realms.
- Add or modify settings on the General tab as specified in Table 25.
- Click one:
- OK—Saves the changes.
- Cancel—Cancels the modifications.
Table 25: Authentication Realms Configuration Details
Option | Function | Your Action |
|---|---|---|
Realm Name | Specifies a unique name for the authentication realm. | Enter the name. |
Description | Describes the authentication realm. | Enter a brief description for the authentication protocol. |
When editing, start on the Role Mapping page | Specifies whether the Role Mapping tab should be selected when you open the realm for editing. | Select this option to start editing on the Role Mapping page. |
Authentication | Indicates the authentication server for authenticating the users who sign in to this realm. | Select the authentication. Note: The Infranet Controller supports RADIUS proxy for both inner and outer authentication. RADIUS proxy allows you to use an external RADIUS server for authentication. If the authentication server for a realm is a RADIUS server, three option buttons are visible: Proxy RADIUS Inner Authentication, Proxy RADIUS Outer Authentication, and Do not proxy. If the authentication server is not a RADIUS server, the proxy check boxes are hidden. See “Using RADIUS Proxy.” When RADIUS proxy is used, realm or role restrictions cannot be enforced. Host Checker policies, source IP restrictions, and any other limits that have been assigned are bypassed. RADIUS proxy should be used only if no restrictions have been applied. |
Directory/Attribute | Specifies the directory or attribute server to use. | Select this option to specify which directory or attribute server to use. |
Accounting | Specifies the RADIUS accounting server to use. | Select this option to specify which RADIUS accounting server to use. Note: If the LDAP server is down, user authentication fails. You can find messages and warnings in the event log files. When an attribute server is down, user authentication does not fail. Instead, the groups or attributes list for role mapping and policy evaluation is empty. |
Enable Dynamic policy evaluation | Enables an automatic timer for dynamic policy evaluation of this realm’s authentication policy, role mapping rules, and role restrictions. | Select this option to enable dynamic policy evaluation. Note: If you select Dynamic policy evaluation and you do not select Refresh roles and Refresh resource policies, the Infranet Controller evaluates the realm’s authentication policy, role mapping rules, and role restrictions only. Because dynamic policy evaluation can potentially impact system performance, keep these guidelines in mind:
|
Refresh roles | Refreshes the roles of all users in this realm. (This option does not control the scope of the Refresh Now button.) | Select this option to refresh roles. |
Refresh policies | Refreshes the resource policies (not including Meeting and Email Client) for all users in this realm. (This option does not control the scope of the Refresh Now button.) | Select this option refresh policies. |
Refresh interval (minutes) | Specifies how often you want the Infranet Controller to perform an automatic policy evaluation of all currently signed-in realm users. Specify the number of minutes (5 to 1440). | Enter the frequency in minutes. |
