44 DOMINION KX USER M ANUALGeneral Settings for Remote Authentication1. On the Setup menu, click Security, and then click Remote Authentication to configure DominionKX for remote authentication. The Remote Authentication window appears:Figure 40 Remote Authentication Window2. Select the option button of the remote authentication protocol you wish to use (either LDAP orRADIUS).3. Type the IP Address of your primary and secondary remote authentication servers in the PrimaryServer IP Address and Secondary Server IP Address fields.4. Type the server secret needed to authenticate against your remote authentication servers in the SecretPhrase field. Re-type the server secret in the Confirm Secret Phrase field.5. If you selected LDAP as your remote authentication protocol, please read the next sectionImplementing LDAP Remote Authentication to complete the fields in the LDAP panel of theRemote Authentication window. If you selected RADIUS, please skip to Implementing RADIUSRemote Authentication to complete the fields in the RADIUS panel of the window.6. When finished, click [OK] to save the Remote Authentication changes, or [Cancel] to exit withoutsaving.Implementing LDAP Remote AuthenticationReminder: Microsoft Active Directory functions natively as an LDAP authentication server.If you choose LDAP authentication protocol, complete the LDAP fields as follows:− Use Secure LDAP: Apply this rule to enables LDAP-S, which ensures that all authenticationrequests and replies transmitted over the network are encrypted.− Default Port / User Defined Port: Select an option button to choose whether you would liketo use the standard LDAP TCP ports, or specify your own user defined port.− Base DN, Base Search: This describes the name you want to bind against the LDAP, andwhere in the database to begin searching for the specified Base DN. An example Base DNvalue might be: “cn=Administrator,dc=Users=,dc=testradius,dc=com” and an example BaseSearch value might be: “cn=”Users,dc=raritan,dc=com”. Consult your authentication serveradministrator for the appropriate values to enter into these fields.− Certificate File: Consult your authentication server administrator for the appropriate valuesto type into this field in order to process LDAP authentication queries from Dominion KX.Returning User Group Information via LDAPWhen an LDAP authentication attempt succeeds, Dominion KX determines the permissions for a givenuser based on the permissions of the user’s group. Your remote LDAP server can provide these user groupnames by returning an attribute named as follows:rciusergroup attribute type: stringThis may require a schema extension on your LDAP server. Please consult your authentication serveradministrator to enable this attribute.