This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Expedition Articles
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Featured Article

**IMPORTANT - We Want to Hear from You ** - Share your feedback for Expedition Tool

sanandh
L2 Linker
Expedition Community, 
We request your feedback on the Expedition tool. This will help us to gain insight into your utilization of Expedition and understanding the aspects that are most important to you.
Please invest a quick 2 minutes to share your thoughts by completing this short survey: https://forms.gle/8AWGJTj7HX5ecqqL7 
 
Appreciate your feedback,
Expedition Team

Authentication via LDAP server

Expedition offers local user authentication and external user authentication via LDAP and Radius servers.   In this example, we will illustrate how to configure external authentication via a Windows Active Directory server.     Settings in LDAP Server We have created a server under the domain sctc.domain.local, defined a group called "developers" and added a user "didac gil" with logon name "didacgil9".   In the figure, we can notice that users authenticate with the suffix "@sctc.domain.local". We will have to take account of this value for providing the correct settings in Expedition to complete the user authentication.   View of Active Directors Users and Computers, highlighting @sctc.domain.local in a user account.   Defining LDAP Server in Expedition In Expedition, we will first define the LDAP authentication server. Only Superusers have rights for server registration or modification. We have two different approaches for user authentication.   Approach 1. User needs to enter full logon name Define a server providing the desired server's name, the server's address and port, server type (Windows or Linux), Search DN parameters and SSL and/or TLS usage.   In our case, we our server responds at sctc.domain.local port:389 and we have named LDAP_approach1. The users that will use this server for authentication belong to the developers group, therefore we have provided the following Search DN: "CN=developers,DC=sctc,DC=domain,DC=local". Contact your Active Directory administrator to verify your correct Search DN parameters.     View of Approach 1 to Add New LDAP Server using the address sctc.domain.local.   After saving, we will test the server settings clicking on the diagnostics icon. We will be required to enter an existing user's credentials.    View of LDAP Test Connection   A feedback will be provided with the results of the connection.   Through this approach, users will have to provide their full account name for authentication. In our case, didacgil9@sctc.domain.local will be the user name account required to have a valid authentication.     Approach 2. Server specifies the user suffix In this case, we will facilitate the user's logon, providing the suffix already in the server settings. This way, a user will only have to write their account name "didacgil9". View of Approach 2 to Add New LDAP Server using the address sctc.domain.local.   Notice that using this approach, all users must share the same suffix in order to be able to validate their credentials.
View full article
100% helpful (2/2)
‎09-27-2019 11:13 AM
  • 54 Posts
  • 288 Subscriptions
Latest Comments
Top Contributors
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks