External Authentication

This manual describes how to configure the IACBOX in order to use various backends for guest authentication and also for the WebAdmin interface.

Hint

  • The External Authentication module must be licensed separately.
  • Configured backends can also be used to authenticate users for the WebAdmin.
  • In order to create Surf-Tickets with configured backends, a ticket template must be assigned to be used with the module Authentication. This will also be explained in this manual.

General

The module External Authentication allows Surf-LAN users to use the default Ticket Login box on the Customer Logon Page to authenticate with credentials, which are available on external sources. The supported authentication methods are:

  • Active Directory
  • LDAP
  • MSSQL
  • MySQL
  • PostgreSQL
  • Radius
  • iPass
  • Local Database

Hint

  • The Local Database is always available, even if the module External Authentication is not licensed. The usage of the Local Database relates to the Local Users which can be created in the WebAdmin menu Tickets / Users.

Define a Ticket Template

If the External Authentication is used for the Client Logon Page, then a Ticket Template must be configured for this module. After activating the External Authentication in the WebAdmin menu Modules / Authentication, navigate to Tickets / Templates. Select a desired template to edit or create a new one for this case and configure the restrictions according to your requirements. Before saving the Ticket Template, activate the checkbox for Authentication, which can be found in the section Modules.

../_images/external_authentication_1.png

Activate User Template

If the External Authentication is being used to authenticate WebAdmin users, a User Template must be activated for this module. Therefore switch to the WebAdmin menu System / Manage User and create a new User Group which can be used for WebAdmin users which do authenticate via the External Authentication.

../_images/external_authentication_2.png

It’s now possible to configure any External Authentication as Use for WebAdmin, then the User Group called ExtAuth can be assigned to it.

Active Directory / LDAP

As explained further up in this manual, a ticket template must be configured. The remaining configuration of this module should be pretty much self-explaining.

../_images/external_authentication_3.png

An explicit explanation of the input fields can also be found in the help menu of the WebAdmin:

MySQL / MSSQL / PostgreSQL

The SQL backends of the External Authentication can use custom SQL statements to authenticate users on either the Customer Logon Page or the WebAdmin of the IACBOX.

../_images/external_authentication_4.png

In this screenshot the SQL query is not only interpreting user_id as username and passwd_md5 as password, but also checking the table columns for the boolean return value of enabled=1 and valid_to >= CURRENT_DATE.

Hint

  • Note that the external SQL server must be able to understand variables like CURRENT_DATE. If in doubt, check the according SQL documentation of your server or provider.

Radius

The External Authentication with Radius can be used for authentication on the client logon page and on the WebAdmin login page. Depending if used for Client Logon Page or for the WebAdmin login page, the configuration may slightly look different.

../_images/external_authentication_5.png

iPass

The External Authentication with iPass can be used for authentication on the client logon page and on the WebAdmin login page. Depending if used for Client Logon Page or for the WebAdmin login page, the configuration may slightly look different.

../_images/external_authentication_6.png