Allowing administrators to connect via an LDAP or Radius server

The SMC server can be connected to an LDAP and/or Radius server to authorize the company’s users to manage a pool of firewalls.

This type of authentication is designed to operate with LDAP servers such as Active Directory on Microsoft Windows Server 2012 and 2016, and Radius servers on Microsoft Windows Server 2012 R2 and 2016.

Radius authentication only identifies the users who have access to the SMC server; it does not allow groups and read/write access to be managed. It must be paired with LDAP authentication so that user privileges and groups can be managed.

When a super administrator tries to connect, the SMC server looks for the ID and password first in its local user database, then on the Radius server if it does not find this information there, and finally on the LDAP server.

When an ordinary administrator tries to connect, the SMC server looks for the ID and password first on the Radius server, then on the LDAP server if it does not find this information there, and finally in its local user database.

Authentication via LDAP or Radius server is configured in the SMC server’s command line interface with two files:

  • An auth-server.ini configuration file that defines the connection settings for the LDAP or Radius server,

  • A rights.csv configuration file that defines the groups and users authorized to connect to the SMC server, as well as their access privileges on SMC and SNS.

To authorize administrators to connect to the SMC server via an LDAP or Radius server, follow the three steps below:

  1. Configure the connection to the LDAP or Radius server,
  2. Test the connection and display the list of users on the LDAP or Radius server, and groups on the LDAP server,
  3. Authorize users and define their access privileges.