Guide to integrating with external authentication systems.
Overview
netLD is able to integrate with authentication servers such as Active Directory and FreeRADIUS. When using this integration, you do not need to create the individual users in netLD.
netLD can apply specific networks and permissions based on the groups configured in the external authentication servers.
1. Integration with a RADIUS Server
netLD will send an Access-Request packet to the RADIUS server and expects an Access-Accept packet in return. This Access-Accept packet will need to contain a Filter-Id containing a group name that netLD can, using External group mappings, map to the netLD roles and networks.
Here is an example of a user configured in FreeRADIUS:
LogicVein Cleartext-Password := "password" Filter-Id += "GROUP"
In this example, when netLD sends an Access-Request packet including the username "LogicVein" and password "password", the RADIUS server sends back an Access-Accept packet which has the Filter-Id field set. The Filter-Id is used as the External Group in which the authenticated user will belong.
NetLD Configuration
In order to integrate with a RADIUS server, the settings can be configured in the External authentication page of the Server Settings dialog.
1. Select RADIUS for Enable external authentication
2. Set the IP address (or Hostname) and the Shared Secret of the RADIUS server.
3. Assign Roles using External group mappings. A mapping is added by clicking the [+] button.
4. Enter the group that was set in the Filter-Id of the RADIUS server into External Group field and select a role to apply to the group.
5. Assign Networks using External group mappings. A mapping is added by clicking [+] button.
6. Enter the group that was set in the Filter-Id of the RADIUS server into the External Group field and select the networks that the users of the group should be able to see.
Users in this group will be given permission to see the selected networks.
7. After configuring the above settings, you can confirm the integration with the RADIUS server by clicking Test and providing a Username and Password. If there is no problem, the Authentication successful message will be shown.
Setup is now complete. After saving the server settings by clicking OK, logout and log in with the user configured in the RADIUS server.