* Enter the name of the utility key. You can search descriptions of utility keys.

External Server Settings

To display: [Utility][Administrator][User Auth/Account Track][External Server Settings]

When employing external server authentication, register the authentication server.

If you group two servers, you can switch to another server to perform authentication when a server shuts down.

Configure the following settings on the primary server registration screen.

Setting

Description

[External Server Name]

Enter the name of the authentication server (using up to 32 characters).

[External Server Type]

Select the authentication server type.

[Active Directory]

Register server information when Active Directory is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters).

  • [Timeout]: Change the timeout interval for communication with Active Directory, if required (default: [60] sec.).

[NTLM]

Register server information when NTLM is used as the authentication server.

  • [Default Domain Name]: Enter the default domain name of your authentication server (using up to 64 characters).

[LDAP]

Register server information when LDAP is used as the authentication server.

  • [Server Address]: Enter your LDAP server address.

  • [Port Number]: If necessary, change the LDAP server port number (default: [389]).

  • [Enable SSL]: When using SSL communications, set this option to ON (default: OFF).
    [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

  • [Search Base 1] to [Search Base 3]: Specify the starting point and range to search a user to be authenticated.
    [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
    Example of entry: "cn=users,dc=example,dc=com"
    [Search Range]: Select a tree search range (default: [Full Tree]).
    [Full Tree]: Makes a search, including the tree structure under the entered starting point.
    [Next hierarchy only]: Searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

  • [Timeout]: Change the timeout interval for communication with the LDAP server, if required (default: [60] sec.).

  • [General Settings]: Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).

  • [Search Attribute]: Enter the search attribute used in user account search (using up to 64 characters). The attribute must start with an alphabet character (default: [uid]).

  • [Search Attributes Authentication]: To automatically generate DN (Distinguished Name) required for authentication by the LDAP server on this machine when [Simple] is selected for [General Settings], set this option to ON (default: OFF). Also, enter authentication information used for logging in to the LDAP server in order to search for the user ID.

[Search Directory Service]

If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later).

Configure the following settings on the secondary server registration screen.

Setting

Description

[2nd Server Setting]

When using the secondary server, set this option to ON (default: OFF).

[Round Robin function]

When using the round-robin function, set this option to ON (default: OFF).

If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load.

[Reconnection Settings]

Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

  • [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

  • [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

[External Server Type]

Select the type of the authentication server and set required information.

For details, refer to the registration contents of the primary server.

Tips
  • To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Authentication Server Connection status] - [External Server Authentication]. If [Connection Enabled] is displayed, you can connect to both the primary and secondary authentication servers.