As a centralized management server, ACS allows integrating the external RADIUS/LDAP server for login authentication. This article demonstrates how to configure the external LDAP server.
This article will be divided into several parts:
Since version 2.5.0, ACS accepts to use the different external server for each user group.
However, please notice the default setting of the user account which authenticate with the external server:
Basically, the ACS login URL is https://<IP>:<port>/web/#/login
ACS will authenticate with its MySQL database first. If it doesn't match, the authentication request will be sent to the external authentication server of All User group.
If we add the user group name in the URL, for example, https://<IP>:<port>/web/#/login/RootGroup
ACS will send the authentication request to the external server of RootGroup first. If it doesn't match, the request will be sent to the external server of All User group.
1. Login to ACS with the system administrator account and go to User > External authentication server page.
Select the user group which you'd like to enable the external authentication.
2. Configure the detail information of the external authentication server.
ACS supports AD/LDAP and RADIUS as authentication server type, you could also follow this article to use the Vigor router as RADIUS server.
However, it is recommended to use LDAP if your server is on the Internet for security consideration.
Once you finished the setting, press the Save button to save the profile.
3. Refer to Flowchart with different login URL, now we can log in ACS with the credentials of the external authentication server.
4. When login success, the system administrator will see a new account with:
- Default user role is View only operator
- Default user group is FAE user group because the credential has authenticated with the external server of "FAE" group.
has been created from the User > User Management page.
Was this helpful?
Thank you for your feedback :)
Sorry about that. Contact Support if you need further assistance, or leave us some comments below to help us improve.