SonicWALL 5.8.1 Microscope & Magnifier User Manual


  Open as PDF
of 1490
 
User Management
1039
SonicOS 5.8.1 Administrator Guide
Step 3 In the LDAP Import User Groups dialog box, optionally select the checkbox for groups that
you do not want to import, and then click Remove from list.
Step 4 To undo all changes made to the list of groups, click Undo and then click OK in the confirmation
dialog box.
Step 5 When finished pruning the list to a manageable size, select the checkbox for each group that
you want to import into the SonicWALL, and then click Save selected.
Configuring RADIUS Authentication
For an introduction to RADIUS authentication in SonicOS Enhanced, see “Using RADIUS for
Authentication” on page 998. If you selected RADIUS or RADIUS + Local Users from the
Authentication method for login drop-down list on the Users > Settings page, the Configure
button becomes available.
A separate Configure button for RADIUS is also available if you selected Browser NTLM
authentication only from the Single-sign-on method drop-down list, or in various cases
where configuration elsewhere may require that RADIUS be used. The configuration process
is the same.
The actual authentication method is selected automatically when using RADIUS, so there are
no configuration options for it in the RADIUS configuration window. RADIUS is fully secure in
any mode, including its standard mode (often inaccurately referred to as PAP mode
1
) as well
as CHAP, MSCHAP, and MSCHAPv2, so there is generally no reason to force RADIUS CHAP
mode versus standard RADIUS mode. The only reason to choose MSCHAP/MSCHAPv2 is to
make use of the password updating feature these offer, and this can be configured elsewhere.
The following points describe the selection of authentication methods when using RADIUS:
1. Standard mode RADIUS is a secure back end that can be used with various front ends, including the insecure PPP
PAP protocol. The SonicWALL network security appliance uses it with a secure front end over HTTPS/SSL or IPSec,
and so the entire authentication channel from the user to the RADIUS server is secure (even if PPP PAP is used with
L2TP, it is secure since it runs over IPSec).