User Management
SonicOS 5.8.1 Administrator Guide
RADIUS with LDAP for user groups
When RADIUS is used for user authentication, there is an option on the RADIUS Users page
in the RADIUS configuration to allow LDAP to be selected as the mechanism for setting user
group memberships for RADIUS users.
When Use LDAP to retrieve user group information is selected, after authenticating a user
via RADIUS, his/her user group membership information will be looked up via LDAP in the
directory on the LDAP/AD server.
Note: If this mechanism is not selected, and one-time password is enabled, a RADIUS user will
receive a one-time password fail message when attempting to log in through SSL VPN.
Clicking the Configure button launches the LDAP configuration window.
Note that in this case LDAP is not handling user passwords, and the information that it reads
from the directory is normally unrestricted. Operation without TLS could therefore be selected,
ignoring the warnings, if TLS is not available (e.g. if certificate services are not installed
with Active Directory). However, the SonicWALL then logs in to the LDAP server in clear text,
so the credentials it uses are exposed on the network, and you must ensure that this does not
compromise security. For example, create a user account with read-only access to the directory
that is dedicated to the SonicWALL's use. Do not use the administrator account in this case.
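
One way to check the account chosen for the clear-text bind, as an added example that is not part of the SonicOS guide: it audits an LDIF export of that account for signs that it is privileged. The account name `svc-fw-ldap`, the `example.com` DNs, the list of privileged groups and the simple LDIF form (no base64 values, no folded lines) are assumptions made for the example.

```python
# Added example: audit an LDIF export of the firewall's LDAP bind account.
# Account names, DNs and the group list are constructed assumptions.
PRIVILEGED_GROUPS = {
    "domain admins", "enterprise admins", "schema admins", "administrators",
    "account operators", "backup operators", "server operators",
}

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64 values, no folded lines)."""
    attrs = {}
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def group_cn(dn):
    """Return the value of the first RDN of a group DN, lower-cased."""
    return dn.split(",", 1)[0].partition("=")[2].strip().lower()

def audit_bind_account(ldif_text):
    """Return a list of findings; an empty list means no issue was found."""
    attrs = parse_ldif_entry(ldif_text)
    findings = []
    if attrs.get("samaccountname", [""])[0].lower() == "administrator":
        findings.append("bind account is the built-in administrator")
    for dn in attrs.get("memberof", []):
        if group_cn(dn) in PRIVILEGED_GROUPS:
            findings.append("member of privileged group: " + group_cn(dn))
    # adminCount=1 marks accounts that Active Directory treats as protected.
    if attrs.get("admincount", ["0"])[0] == "1":
        findings.append("adminCount is 1")
    return findings

# Constructed sample entries (not taken from the guide).
DEDICATED = """dn: CN=svc-fw-ldap,OU=Service Accounts,DC=example,DC=com
sAMAccountName: svc-fw-ldap
memberOf: CN=FW-LDAP-Readers,OU=Groups,DC=example,DC=com
"""
ADMIN = """dn: CN=Administrator,CN=Users,DC=example,DC=com
sAMAccountName: Administrator
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=example,DC=com
adminCount: 1
"""

if __name__ == "__main__":
    print(audit_bind_account(DEDICATED), audit_bind_account(ADMIN))
```

An empty result only shows that none of these indicators is present; permissions delegated directly on directory objects are not visible in this export.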