Chapter 5: User Management992. On your Active Directory server, create new groups with the samegroup names as in the previous step.3. On your AD server, assign the KX II-101-V2 users to the groupscreated in step 2.4. From the KX II-101-V2, enable and configure your AD serverproperly. See Implementing LDAP/LDAPS RemoteAuthentication (on page 94).Important Notes Group Name is case sensitive. The KX II-101-V2 provides the following default groups that cannotbe changed or deleted: Admin and . Verify that yourActive Directory server does not use the same group names. If the group information returned from the Active Directory serverdoes not match the KX II-101-V2 group configuration, the KX II-101-V2 automatically assigns the group of to users whoauthenticate successfully.Implementing RADIUS Remote AuthenticationRemote Authentication Dial-in User Service (RADIUS) is an AAA(authentication, authorization, and accounting) protocol for networkaccess applications.To use the RADIUS authentication protocol:1. Click User Management > Authentication Settings to open theAuthentication Settings page.2. Click the RADIUS radio button to enable the RADIUS section of thepage.3. Click the icon to expand the RADIUS section of the page.4. In the Primary Radius Server and Secondary Radius Server fields,type the IP address of your primary and optional secondary remoteauthentication servers, respectively (up to 256 characters).5. In the Shared Secret fields, type the server secret used forauthentication (up to 128 characters).The shared secret is a character string that must be known by boththe KX II-101-V2 and the RADIUS server to allow them tocommunicate securely. It is essentially a password.6. The Authentication Port default is port is 1812 but can be changedas required.7. The Accounting Port default port is 1813 but can be changed asrequired.8. The Timeout is recorded in seconds and default timeout is 1 second,but can be changed as required.
