User Management
SonicOS Enhanced 4.0 Administrator Guide
When Use LDAP to retrieve user group information is selected, the SonicWALL first
authenticates the user via RADIUS and then looks up the user's group membership
information via LDAP in the directory on the LDAP/AD server.
Clicking the Configure button launches the LDAP configuration window.
Note that in this case LDAP does not handle user passwords, and the information that it reads
from the directory is normally unrestricted. If TLS is not available (e.g. if certificate services
are not installed with Active Directory), operation without TLS could therefore be selected,
ignoring the warnings. However, the SonicWALL then does a clear-text login to the LDAP server,
so you must ensure that this does not compromise security – e.g. create a user account with
read-only access to the directory, dedicated to the SonicWALL's use. Do not use the
administrator account in this case.
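The exposure described above can be seen directly in the LDAP message. The following is an added example, not part of the SonicWALL guide: it decodes an LDAP simple bind request as it travels without TLS and shows that the bind DN and password are readable in transit, which is why the account should be a dedicated read-only one. The DN and password are constructed sample values.

```python
# Added example: fields readable in an LDAP simple bind sent without TLS.
# SAMPLE_DN and SAMPLE_PW are constructed values, not real credentials.

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV with a short or long definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not valid in LDAP")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:end], end

def parse_simple_bind(packet: bytes):
    """Return (bind_dn, password) for a simple BindRequest, else None."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:                     # LDAPMessage SEQUENCE
        return None
    _, _, pos = read_tlv(msg, 0)        # messageID
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:                     # [APPLICATION 0] BindRequest
        return None
    _, _, pos = read_tlv(bind, 0)       # protocol version
    _, dn, pos = read_tlv(bind, pos)    # name (the bind DN)
    tag, cred, _ = read_tlv(bind, pos)
    if tag != 0x80:                     # [0] simple; 0xA3 would be SASL
        return None
    return dn.decode("utf-8"), cred.decode("utf-8")

SAMPLE_DN = b"cn=sonicwall-ldap-ro,ou=Service Accounts,dc=example,dc=com"
SAMPLE_PW = b"constructed-sample-password"
SAMPLE_PACKET = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60,
    tlv(0x02, b"\x03") + tlv(0x04, SAMPLE_DN) + tlv(0x80, SAMPLE_PW)))
```

Calling parse_simple_bind(SAMPLE_PACKET) returns the DN and password exactly as sent, with no key or secret needed to read them.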
RADIUS Client Test
In the RADIUS Configuration dialog box, you can test your RADIUS Client user name,
password and other settings by typing in a valid user name and password and selecting one of
the authentication choices for Test. Performing the test will apply any changes that you have
made.
To test your RADIUS settings:
Step 6 In the User field, type a valid RADIUS login name.
Step 7 In the Password field, type the password.
Step 8 For Test, select one of the following:
• Password authentication: Select this to use the password for authentication.
• CHAP: Select this to use the Challenge Handshake Authentication Protocol. After initial
verification, CHAP periodically verifies the identity of the client by using a three-way
handshake.
• MSCHAP: Select this to use the Microsoft implementation of CHAP. MSCHAP works for all
Windows versions before Windows Vista.