立即与支持人员聊天
与支持团队交流

Defender 6.2 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Managing RADIUS payload for a user

To manage RADIUS payload for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node to select the container that contains the user for whom you want to manage RADIUS payload (typically, this is the Users container).
  3. In the right pane, double-click the user.
  4. In the dialog box that opens, click the RADIUS Payload tab. This tab allows you to view the current or assign a new RADIUS payload to the user. The tab has the following elements:
    • Assigned Payload  Shows the RADIUS payload that is currently assigned to the user. When there is no RADIUS payload assigned to the user, this option displays <undefined>.
    • Select  Allows you to select a RADIUS payload to assign to the user.
    • Clear  Unassigns the current RADIUS payload from the user.
    • Inherit payload entries from parent. Include these with entries explicitly defined here.  When selected, causes the user to inherit the RADIUS payload from the Access Node of which the user is a member.
    • Effective  Click this button to view the RADIUS payload that will apply to the user for a particular Defender Security Server/Access Node combination. The windows that opens looks similar to the following:
    • Effective  Click this button to view the RADIUS payload that will apply to the user for a particular Defender Security Server/Access Node combination. The windows that opens looks similar to the following:

 

The DSS list shows the Defender Security Server that is currently selected for the user. If necessary, select any other Defender Security Server.

The DAN list shows the Access Node that is currently selected for the user. If necessary, select any other Access Node.

The User option displays the current user.

The Effective Payload area displays the details of the RADIUS payload that will be effective when the selected user authenticates via Defender.

Managing security token objects

Importing hardware token objects

In order to assign hardware tokens to users in your environment, you first need to import the corresponding hardware token objects into Active Directory.

To import hardware token objects, you need to have the file that contains the definitions of the token objects you want to import. Normally, this file is provided together with hardware tokens.

Note that the instructions in this section do not apply to hardware VIP credentials.

To import hardware token objects into Active Directory

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node, and click to select the Defender container.
  3. On the menu bar, select Defender | Import Tokens.
  4. Complete the wizard to import the token objects.

    For more information about the wizard steps and options, see Import Wizard reference.

Assigning a hardware token object to a user

Before providing a hardware token to a user, you need to assign the corresponding hardware token object to the user in Active Directory. In order you could assign a hardware token object, you need to import it first into Active Directory. For instructions, see Importing hardware token objects.

To assign a hardware token object to a user

  1. On the computer on which the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node to select the container that holds the user to which you want to assign the hardware token object.
  3. In the right pane, double-click the user object.
  4. In the dialog box that opens, on the Defender tab, under the Tokens list, click the Add button.
  5. Use the dialog box that opens to specify search criteria to search for the token object you want to assign.

The dialog box has the following elements:

  • Token Serial Number  Type the token serial number to search for the corresponding token object. If you do not know the token serial number, leave this text box blank.
  • Show unassigned tokens only  Select this check box if you want to search for token objects not assigned to any user. When this check box is cleared, the search results will include both assigned and unassigned token objects.
  • Token Type  Use this list to select the token type you want to search for.
  1. After specifying search criteria, click OK to start your search.

    When your search completes, a list of search results opens:

 

 

  1. In the upper pane of this dialog box, double-click the token object you want to assign to the user, and then click OK to assign the object.

    The assigned token object appears in the Tokens list on the Defender tab in the user properties dialog box:

 

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级