Authentication Server
Selecting Menu Bar → → Auth Server displays the Authentication Server dashboard, and the Auth Server tab is highlighted.
There are features and functions used in Arista NetVisor UNUM and Insight Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.
The NetVisor UNUM Configuration Authentication Server module provides a convenient method of installing authentication servers.
Lightweight Directory Access Protocol (LDAP) is a standard communications protocol used to read and write data from a Directory Service (DS).
Applications use LDAP to add, remove, or search users and groups in a directory services database or to transport credentials for authenticating DS users.
LDAP communication involves a client (such as an application) and a server (such as an LDAP or Active Directory server).
By default, communications over LDAP are unencrypted. Using an unencrypted connection makes it possible for a malicious user to use network monitoring software to view data packets over the wire.
To alleviate this form of data exposure, NetVisor UNUM provides an option to enable LDAP over Secure Sockets Layer (SSL)/Transport Layer Security (TLS), also known as LDAPS.
Please see the specific Use Case Examples for additional information about configuring LDAP and AD services.
Authentication Server
If no Authentication Servers are configured, the following dashboard is displayed.
NetVisor UNUM Platform Configuration Authentication Servers Dashboard
The Authentication Server Management function is used to add, edit or delete LDAP (Lightweight Directory Access Protocol) and AD (Microsoft Active Directory) services.
After logging in as an Administrator, you add or modify your LDAP configuration parameters to allow other users to access NetVisor UNUM applications.
Configuration Notes for LDAP
Required parameters are shown in Green, additional recommended settings in Orange, and optional parameters in Blue. Any and all values shown are for illustrative purposes only and should not be used in your environment.
Required
•Type – LDAP/LDAPS – LDAP typically uses TCP port 389 over a standard unencrypted connection. If your LDAP connection requires SSL/TLS, that is LDAPS, the well-known TCP port is 636.
•Server URL – the URI of the LDAP/LDAPS/AD Directory Server service.
•Manager DN – Also known as the Distinguished Name (DN) used to log in to the Directory Service (DS) and search for user accounts. For example: cn=admin,dc=mydomain,dc=com. The Manager DN may require additional parameters such as uid, ou and o (User ID, Organizational Unit and Org) depending on the LDAP service or Service Provider.
•Base DN – Sets the starting point for searches, where <distinguished-name> is the LDAP distinguished name of the directory-tree node at which searches begin, such as "ou=users,dc=mydomain,dc=com". This field sets the point in the directory from which the query starts searching, for example ou=users,o=xxxxxxxxxxxxxxxxxxxxxx,dc=mydomain,dc=com. Upon finding the admin account defined in the Manager DN (admin, for example), the full DN is then used to bind with the supplied password.
Entering your actual parameters in the NetVisor UNUM LDAP settings described below creates a basic connection to the Directory Service.
Recommended
•Password – The account password specified in the Manager DN.
•User DN – The LDAP query string used to find the object representing the user account. The default is empty, though "(uid={0})" is sometimes required. The {0} token is required; it represents the user account being validated. Values entered depend on the LDAP service implementation or Service Provider requirements.
•User Search Filter – Sets the filter used to locate individual users in the directory service, i.e. the LDAP query string used to find the user account's group objects. The default is empty. In some LDAP scenarios, the attribute name is "memberOf". The {0} token is required; it represents the user account being validated. Values entered depend on the LDAP service implementation or Service Provider requirements.
Entering your actual parameters in the NetVisor UNUM LDAP settings described below authenticates an LDAP user to the Directory Service. These parameters are required to use the Test function.
Note: Manager DN and Base DN settings may require additional information depending on the LDAP Service Provider, for example, the ORG ID (o).
Optional
•User DN – The LDAP query string used to find the object representing the user account.
•User Search Filter – Sets the filter to use to locate individual users in the directory service. The LDAP query string used to find the user account's group objects.
Adding Lightweight Directory Access Protocol (LDAP) Authentication to NetVisor UNUM
Note: LDAP and AD services require specific information unique to the Service Provider. You must enter the required individual information needed by your Service Provider. The information provided below is for documentation examples and illustrative purposes only. LDAP tools are recommended to aid in troubleshooting LDAP connection issues.
Clicking on the Add Auth Server icon launches the user interface to configure either LDAP or AD servers, as shown below.
Leave the Type switch toggled to LDAP to configure an LDAP connection; otherwise, move the Type selector to AD and proceed to the Adding AD (Active Directory) Authentication to NetVisor UNUM section.
You need the following information from your LDAP Service Provider:
•Type – Type of Authentication Service used on the domain, either LDAP, AD or both.
•Server URL – in the format of hostname and type. Select ldap or ldaps (secure ldap).
•Base DN – the name of the base organization and domain name.
•Manager DN (Distinguished Name) – the distinguished name (DN) used for the LDAP manager.
•Manager Password – manager password.
•User DN Patterns – DN patterns used for simple bind authentication.
•User Search Filter – any search filters.
In the following example a secure connection to an LDAP service is illustrated.
The Organizational User Administrator has created the user account, admin, which has a valid account on the service provider system (JumpCloud Service Provider in this example).
Type = LDAP
Server URL = ldaps
Hostname = ldap.jumpcloud.com (example service provider only)
Port = 636 (secure ldaps connection)
Base DN = o=xxxxxxxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com
Manager DN = uid=admin, ou=Users, o=xxxxxxxxxxxxxxxxxxxxxx,dc=jumpcloud,dc=com
Password = your_ldap_password associated with the Manager DN account
User DN Pattern = Enter the required user DN pattern (optional, but often required).
User Search Filter = Enter the user search filter (optional, but often required).
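As an added example (not code from the NetVisor UNUM documentation or product), the following Python models the login flow that the Recommended settings above describe and the LDAPS settings listed in this example: bind as the Manager DN, search the Base DN with the User Search Filter after substituting the {0} token, then bind as the user that was found. The in-memory directory, the "o=ORG_ID_PLACEHOLDER" value standing in for the provider-specific Org ID, the user names and the passwords are all constructed; the escaping rules follow RFC 4515. It also shows why the value substituted for {0} must be escaped: unescaped filter metacharacters in a user name change the query instead of being matched literally.

```python
# Added example: not part of the NetVisor UNUM documentation or product code.
# It models the LDAP settings on this page (Server URL, Base DN, Manager DN,
# Password, User Search Filter with its {0} token) against a constructed
# in-memory directory, so it runs offline without an LDAP server.
import re
from typing import Dict, List, Optional, Tuple

# RFC 4515, section 3: characters that must be escaped in a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before it is substituted into an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_user_filter(template: str, username: str) -> str:
    """Replace the {0} token with the escaped user name (the token is required)."""
    if "{0}" not in template:
        raise ValueError("user search filter must contain the {0} token")
    return template.replace("{0}", escape_filter_value(username))


def build_server_uri(scheme: str, hostname: str, port: int) -> str:
    """Combine the Server URL type, Hostname and Port fields into one URI."""
    scheme = scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("scheme must be ldap or ldaps")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return f"{scheme}://{hostname}:{port}"


# Constructed stand-in for the directory service: DN -> (attributes, password).
# "o=ORG_ID_PLACEHOLDER" stands in for the provider-specific Org ID (o) value.
Entry = Tuple[Dict[str, str], str]
DIRECTORY: Dict[str, Entry] = {
    "uid=admin,ou=Users,o=ORG_ID_PLACEHOLDER,dc=jumpcloud,dc=com": ({"uid": "admin"}, "manager-secret"),
    "uid=alice,ou=Users,o=ORG_ID_PLACEHOLDER,dc=jumpcloud,dc=com": ({"uid": "alice"}, "alice-secret"),
}

# The LDAPS example settings from this page as a configuration record (constructed values).
CONFIG = {
    "server_uri": build_server_uri("ldaps", "ldap.jumpcloud.com", 636),
    "base_dn": "o=ORG_ID_PLACEHOLDER,dc=jumpcloud,dc=com",
    "manager_dn": "uid=admin,ou=Users,o=ORG_ID_PLACEHOLDER,dc=jumpcloud,dc=com",
    "manager_password": "manager-secret",
    "user_search_filter": "(uid={0})",
}


def mock_search(base_dn: str, filter_str: str) -> List[str]:
    """Mock of an LDAP subtree search supporting one equality filter, e.g. (uid=alice)."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
    if not m:
        raise ValueError("mock directory only supports one equality filter")
    attr, assertion = m.group(1), m.group(2)
    return [
        dn
        for dn, (attrs, _pw) in DIRECTORY.items()
        if dn.lower().endswith(base_dn.lower())
        and attr in attrs
        # A real server treats a bare '*' as a wildcard; escaped bytes match literally.
        and escape_filter_value(attrs[attr]) == assertion
    ]


def mock_bind(dn: str, password: str) -> bool:
    """Mock of an LDAP simple bind: succeeds only for a known DN with its password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[1] == password


def authenticate(config: dict, username: str, password: str) -> Optional[str]:
    """Manager bind -> search Base DN with the rendered filter -> bind as the found user.

    Returns the authenticated user's DN, or None when authentication fails.
    """
    if not mock_bind(config["manager_dn"], config["manager_password"]):
        raise PermissionError("Manager DN bind failed; check Manager DN and Password")
    user_filter = render_user_filter(config["user_search_filter"], username)
    matches = mock_search(config["base_dn"], user_filter)
    if len(matches) != 1:  # no such user, or a filter that matched several entries
        return None
    # An empty password would be an anonymous (unauthenticated) bind on many
    # servers and must never count as a successful login.
    if not password or not mock_bind(matches[0], password):
        return None
    return matches[0]


if __name__ == "__main__":
    print(CONFIG["server_uri"])
    print(authenticate(CONFIG, "alice", "alice-secret"))  # the user's DN
    print(authenticate(CONFIG, "alice)(uid=*", "x"))  # None: the value was escaped
```

A real client would replace the two mock functions with an LDAP library's search and bind calls over the ldaps:// URI and verify the server certificate; the filter escaping, the single-match check and the empty-password check stay the same, because the Test function on this page exercises exactly that manager-bind, search, user-bind sequence.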
NetVisor UNUM Platform Configuration Authentication Servers Add Authentication Server
Click Submit to add the configured LDAP server. Click Cancel to return to the previous screen without making any changes.
NetVisor UNUM Platform Configuration Authentication Servers Dashboard
Users can now log in to NetVisor UNUM using their assigned LDAP credentials on your network.
Testing the LDAP Connection
To test the LDAP connection, click the Test icon.
The Test Server interface is launched.
Enter the applicable LDAP credentials of an LDAP user and the password associated with the account.
NetVisor UNUM Platform Configuration Authentication Servers Test LDAP Server
After entering a Username and Password, click on Test.
A Success or Failure message displays confirming the results as illustrated in the example below.
NetVisor UNUM Platform Configuration Authentication Servers Test LDAP Server Results
LDAP User Roles:
NetVisor UNUM currently supports two roles, User and Local Admin. NetVisor UNUM assigns all LDAP users to the User Role in NetVisor UNUM.
NetVisor UNUM ignores any assigned LDAP or AD roles.
Please refer to Manage Users for more information about these roles.
Modifying LDAP Authentication Server Settings
To modify settings for the LDAP authentication server, click the cog icon and select Edit.
The Edit LDAP Server interface is launched, and configuration changes are made in the relevant fields.
Note: The Type selector is disabled during editing and remains in the position selected during the initial setup process.
NetVisor UNUM Platform Configuration Authentication Servers Modify LDAP Server
You edit the following information:
•Type – Type of Authentication Service used on the domain, either LDAP, AD or both.
•Server URL – Select ldap or ldaps (secure ldap).
•Hostname – Server or provider, e.g., ldap.jumpcloud.com (example service provider only).
•Port – Required port information for the specified connection.
•Base DN – The name of the base organization.
•Manager DN (Distinguished Name) – the distinguished name (DN) used for the LDAP manager.
•Password – Manager password.
•User DN Patterns – DN patterns used for simple bind authentication.
•User Search Filter – Any required search filters.
Click Submit to enter the new LDAP settings. Click Cancel to return to the previous screen without making any changes.
Delete the LDAP Authentication Server
To delete the LDAP authentication server, click the cog icon and select Delete.
The delete LDAP server confirmation interface is launched and the deletion is completed by clicking OK. To cancel deleting the LDAP server, click Cancel.
NetVisor UNUM Platform Configuration Authentication Servers Confirm Delete
Adding AD (Active Directory) Authentication to NetVisor UNUM
Clicking on the Add Auth Server icon launches the user interface to configure an AD server as shown below.
Toggle the Type switch to AD.
NetVisor UNUM Platform Configuration Authentication Servers Add Active Directory Server
Use the Add Auth Server function to authenticate users to your Microsoft Active Directory authentication servers.
You need the following information from your network administrator:
•Type – Type of Authentication Service used on the domain (select AD).
•Server URL – Select the connection type either ldap or ldaps (secure ldap).
•Host Name – Enter the host name of the AD server.
•Port – Enter the connection port.
•User Search Filter – Enter the required user search filters.
•Domain – Enter the domain name.
Click Submit to add the configured AD server. Click Cancel to return to the previous screen without making any changes.
NetVisor UNUM Platform Configuration Authentication Servers AD Server Dashboard
Users log in to NetVisor UNUM using their assigned AD credentials on your network.
Testing the Active Directory Connection
To test the Active Directory connection, click the Test icon.
The Test Server interface is launched; enter the Username and Password and click Test.
NetVisor UNUM Platform Configuration Authentication Servers AD Server Test
Modifying the AD Authentication Server Settings
To modify settings for the AD authentication server, click the cog icon and select Edit.
The edit AD server interface is launched, and configuration changes are made in the relevant fields.
Note: The Type selector is disabled during editing and remains in the position selected during the initial setup process.
NetVisor UNUM Platform Configuration Authentication Servers Edit Active Directory Server Settings
You edit the following information:
•Type – Type of Authentication Service used on the domain (AD selected).
•Server URL – in the format of ldap (unsecured) or ldaps (secured).
•Host Name – Enter the host name of the AD server.
•Port – Enter the required connection port.
•User Search Filter – any required search filters.
•Domain – the domain name.
Click Submit to enter the new AD settings. Click Cancel to return to the previous screen without making any changes.
Delete the AD Authentication Server
To delete the AD authentication server, click the cog icon and select Delete.
The delete AD server confirmation interface is launched and the deletion is completed by clicking OK. To cancel deleting the AD server, click Cancel.
NetVisor UNUM Platform Configuration Authentication Servers Delete Active Directory Server
As shown in the image below, authentication servers are listed as either LDAP or AD and are managed independently.
Selecting the appropriate icon adds authentication servers to NetVisor UNUM.
Test these servers for proper connection and authentication, or edit and remove them from NetVisor UNUM as needed.
NetVisor UNUM Authentication Servers Dashboard
Please see the specific Use Case Examples for additional information about configuring LDAP and AD services.