In User-Based management mode, all the LAN client will need to log in with a user account before they can access the Internet. Except for the 200 user accounts built in the Vigor Router, user management can also be implemented with an external authentication server, such as an Active Directory server. This document introduces how to bind the router to an AD/LDAP server and use the server to authenticate the LAN clients.
(For using AD/LDAP server on Vigor3900, Vigor2960, and Vigor300B, please refer to the article here.)
AD/LDAP Profile Setup
1. Go to Application >> Active Directory/ LDAP >> General Setup page, enable AD/LDAP and enter the information of AD/LDAP server as follows:
- Bind Type: Regular Mode
- Server Address: The IP address of AD/LDAP server
- Regular DN: The distinguished name (DN) of administrator account of AD/LDAP server
- Regular Password: The password of the administrator account
2. Click OK to save the configuration, and click OK again when being asked to reboot the router.
3. Create a AD/LDAP profile: Go to Application >> Active Directory/ LDAP >> AD/LDAP Profiles page, click on an available index number.
4. Give this profile a Name, enter the Common Name Identifier that the AD/LDAP server uses (which might be "cn" by default), and enter Base Distinguished Name as the directory from where Vigor Router can start searching.
User Management Setup
5. Go to User Management >> General Setup to make sure the User Management mode is set up "User-Based".
6. Create a new user profile: Go to User Management >> User Profile, click on an available index.
7. Enable this account and give it a Username. At External Server Authentication, select "LDAP" and choose the profile we created in step 3. Then click OK to save.
8. Now, when LAN clients access the Internet for the first time, they will be redirected to the login page, where they can log in with a user account on the AD/LDAP database.
9. From User Management >> User Online Status page, Network Administrator will see the users who are authenticated by the AD/LDAP server.