Network Management

1. Is it possible to have both RADIUS and LDAP Authentication working on the same Airwave server?
2. Is LDAPS (LDAP over SSL) supported?
3. Can you use a different port (636 instead of 389) for LDAPS?

Thanks.

Neil

1) Yes, you can do multiple remote access servers.  The order will be RADIUS:TACACS:LDAP:LocalDB when remote auth is preferred.  Known feature request to allow choosing the order, not enough customer interest to push it beyond the Product team.

2) Yes, LDAP-S is supported, with option to validate server certs.

3) Yes, you can choose different port.

This is all controlled from the AMP Setup -> Authentication tab.

Here is the solution I worked out with TAC.

1. You can only have ONE authentication method enabled at a time.
   So I had to Disable RADIUS authentication because I wanted to use LDAP. I was hoping to use both because our Network team prefers using RADIUS to authenticate, but our Help Desk uses LDAP.
   
   
2. You must use LDAP with start-tls or clear-text authentication.
   If I try to use ldap-s the AMP server doesn't even initiate any outbound traffic to the LDAP server.
   
   
3. You must use the fully qualified BIND DN name. user@ldapserver.com doesn't work.
4. Make sure the account .you are logging  in with is in the right search DN.

That's it. Everything is working now (except for RADIUS authentication).

-Neil