Logo

Authentication Tools

Menu path: Tools.> Authentication Tools.

The following authentication tools are available:

RADIUS

The RADIUS authentication tool queries a defined RADIUS authentication source for a specific User Name and Password. The authentication source must be a RADIUS source defined through the use of the RADIUS configuration page. Select the name of the authentication source, fill in a User Name and Password, and then press the TEST button to start the tool.

<!!! Screen shot to be supplied !!!>

Authentication Test

The authentication test tool tests a User Name and Password against an authentication source, including LDAP, RADIUS, Active Directory, and SAML. Select from the available and applicable Authentication Sources, enter a User Name and Password, and then press the TEST button. If a valid password for the use is not available, any text can be used; the authentication test will still perform most of the authentication steps.

Example 1 - Successful

        Authentication Source:\xA0A3AD
        Username:\xA0++++
        Password:\xA0****
        Response:
        Testing authentication for "++++"
        --------------------------------------------------------------------------------
        Authentication Source 'A3AD' Configuration:
        cache_match: 0
        read_timeout: 10
        basedn: cn=users,dc=a3-demo,dc=local
        monitor: 1
        dynamic_routing_module: AuthModule
        shuffle: 0
        id: A3AD
        scope: sub
        email_attribute: mail
        unique: 0
        usernameattribute: sAMAccountName
        connection_timeout: 5
        binddn: cn=administrator,cn=users,dc=a3-demo,dc=local
        encryption: none
        port: 389
        description: AD in A3 Lab
        host: 10.5.1.4
        write_timeout: 5
        class: internal
        type: AD
        \xA0
        Authenticating against 'A3AD' in context 'admin'
        Authentication SUCCEEDED against A3AD (Authentication successful.)
        Matched against A3AD for 'authentication' rules
        set_role : Employee
        set_access_duration : 1h
        Did not match against A3AD for 'administration' rules
        \xA0
        Authenticating against 'A3AD' in context 'portal'
        Authentication SUCCEEDED against A3AD (Authentication successful.)
        Matched against A3AD for 'authentication' rules
        set_role : Employee
        set_access_duration : 1h
        Did not match against A3AD for 'administration' rules
        \xA0
        Total testing time: 2.208669 seconds.

Example 2 - User Does Not Exist

        Authentication Source:\xA0A3AD
        Username:\xA0++++@ddd.com 
        Password:\xA0****
        Response:
        Testing authentication for "++++@ddd.com"
        --------------------------------------------------------------------------------
        Authentication Source 'A3AD' Configuration:
        cache_match: 0
        read_timeout: 10
        basedn: cn=users,dc=a3-demo,dc=local
        monitor: 1
        dynamic_routing_module: AuthModule
        shuffle: 0
        id: A3AD
        scope: sub
        email_attribute: mail
        unique: 0
        usernameattribute: sAMAccountName
        connection_timeout: 5
        binddn: cn=administrator,cn=users,dc=a3-demo,dc=local
        encryption: none
        port: 389
        description: AD in A3 Lab
        host: 10.5.1.4
        write_timeout: 5
        class: internal
        type: AD
        \xA0
        Authenticating against 'A3AD' in context 'admin'
        Authentication FAILED against A3AD (Invalid login or password)
        Did not match against A3AD for 'authentication' rules
        Did not match against A3AD for 'administration' rules
        \xA0
        Authenticating against 'A3AD' in context 'portal'
        Authentication SUCCEEDED against A3AD (Authentication successful.)
        Matched against A3AD for 'authentication' rules
        set_role : Employee
        set_access_duration : 1h
        Did not match against A3AD for 'administration' rules

Example 3 - Failed, bad password

        Authentication Source:\xA0A3AD
        Username:\xA0andrew
        Password:\xA0****
        Response:
        Testing authentication for "andrew"
        --------------------------------------------------------------------------------
        Authentication Source 'A3AD' Configuration:
        cache_match: 0
        read_timeout: 10
        basedn: cn=users,dc=a3-demo,dc=local
        monitor: 1
        dynamic_routing_module: AuthModule
        shuffle: 0
        id: A3AD
        scope: sub
        email_attribute: mail
        unique: 0
        usernameattribute: sAMAccountName
        connection_timeout: 5
        binddn: cn=administrator,cn=users,dc=a3-demo,dc=local
        encryption: none
        port: 389
        description: AD in A3 Lab
        host: 10.5.1.4
        write_timeout: 5
        class: internal
        type: AD
        \xA0
        Authenticating against 'A3AD' in context 'admin'
        Authentication FAILED against A3AD (Invalid login or password)
        Did not match against A3AD for 'authentication' rules
        Did not match against A3AD for 'administration' rules
        \xA0
        Authenticating against 'A3AD' in context 'portal'
        Authentication FAILED against A3AD (Invalid login or password)
        Did not match against A3AD for 'authentication' rules
        Did not match against A3AD for 'administration' rules
        \xA0
        Total testing time: 2.200176 seconds.

NTLM Authentication

The NTLM (NT LAN Manager) Authentication test tool tests a User Name and Password against an Active Directory server. Select from the available and applicable Authentication Sources, enter a User Name and Password, and then press the TEST button to start the tool.

NTLM authentication tests return one of three possible responses:

LDAP Browser

The LDAP Browser tool queries a defined LDAP authentication source for a specific Attribute Name and Value. The authentication source must be an LDAP source defined through the use of the LDAP configuration page. Select the name of the authentication source, fill in a Attribute Name and Value, and then press the LDAP Browse button to start the tool. The contents of the LDAP directory for the values matching the attribute name will be displayed.

EAP Local User Authentication

This option, if selected, allows EAP user authentication against the local users repository.

Copyright © 2021 Extreme Networks. All rights reserved. Published April 2021.