Device Configuration : Configure : Authentication : Servers : Add an External Server
Add an External Server
On this page you can create one or more authentication servers. Follow the links to create them:
Active Directory
Active Directory (AD) is Microsoft's implementation of a directory service and is a central component of Windows 2000/2003 servers. It stores information about a broad range of resources residing on a network, including users, groups, computers, printers, applications, services, and any type of user-defined objects. As such it provides a means of centrally organizing, managing, and controlling access to these resources. The Active Directory authentication method allows you to register Sophos Firewall OS at a Windows domain, thus creating an object for Sophos Firewall OS on the primary domain controller (DC). Sophos Firewall OS is then able to query user and group information from the domain.
* Sophos Firewall OS supports Active Directory 2003 and newer.
Add Active Directory Server
LDAP
LDAP, an abbreviation for Lightweight Directory Access Protocol, is a networking protocol for querying and modifying directory services based on the X.500 standard. Sophos Firewall OS uses the LDAP protocol to authenticate users for several of its services, allowing or denying access based on attributes or group memberships configured on the LDAP server.
Add LDAP Server
RADIUS
RADIUS, the acronym of Remote Authentication Dial In User Service is a widespread protocol for allowing network devices such as routers to authenticate users against a central database. In addition to user information, RADIUS can store technical information used by network devices, such as supported protocols, IP addresses, routing information, and so on. This information constitutes a user profile, which is stored in a file or database on the RADIUS server. The RADIUS protocol is very flexible, and servers are available for most operating systems. The RADIUS implementation on Sophos Firewall OS allows you to configure access rights on the basis of proxies and users. Before you can use RADIUS authentication, you must have a running RADIUS server on the network. Whereas passwords are encrypted using the RADIUS secret, the username is transmitted in plain text.
Add RADIUS Server
TACACS+
TACACS+ (the acronym of Terminal Access Controller Access Control System) is a proprietary protocol by Cisco Systems, Inc. and provides detailed accounting information and administrative control over authentication and authorization processes. Whereas RADIUS combines authentication and authorization in a user profile, TACACS+ separates these operations. Another difference is that TACACS+ utilizes the TCP protocol (port 49) while RADIUSClosed uses the UDPClosed protocol.
Add TACACS+ Server
eDirectory
Novell eDirectory is an X.500 compatible directory service for centrally managing access to resources on multiple servers and computers within a given network. eDirectory is a hierarchical, object-oriented database that represents all the assets in an organization in a logical tree. Those assets can include people, servers, workstations, applications, printers, services, groups, and so on.
Add eDirectory Server