SonicOS 8 Users

Enabling LDAP Relay

SonicWall can operate as a RADIUS server for remote SonicWalls that do not support LDAP, acting as a gateway between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.

  • The RADIUS client on the remote SonicWall should be configured to use port 1812 and the shared secret below (see step 7).

  • On remote SonicWalls running SonicOS enhanced firmware, select Use SonicWall vendor-specific attribute on RADIUS server on the RADIUS Users tab.

  1. Navigate to Device > Users > Settings > Accounting.
  2. Next to Configure LDAP, click Configure.

    The LDAP Configuration page is displayed.

  3. Under the LDAP Relay tab, do the following:

    1. Select Enable RADIUS to LDAP Relay.

    2. In Allow RADIUS clients to connect via, select one of the policy rules to allow incoming RADIUS requests accordingly.

      • Trusted Zones

      • WAN Zone

      • Public Zones

      • Wireless Zones

      • VPN Zone

    3. In RADIUS shared secret, enter a shared secret common to all remote SonicWalls.

      Additionally, for remote SonicWalls running non-enhanced firmware, with this feature the central SonicWall can return legacy user privilege information to them based on user group memberships learned via LDAP. This avoids what can be very complex configuration of an external RADIUS server such as IAS for those SonicWalls.

    4. In User groups for legacy VPN users, enter the user group that corresponds to the legacy Access to VPNs privileges. When a user in this user group is authenticated, the remote SonicWall is notified to give the user the relevant privileges.

    5. In User groups for legacy VPN client users, enter the user group that corresponds to the legacy Access from VPN client with XAUTH privileges. When a user in this user group is authenticated, the remote SonicWall is notified to give the user the relevant privileges.

    6. In User groups for legacy L2TP users, enter the user group that corresponds to the legacy Access from L2TP VPN client privileges. When a user in this user group is authenticated, the remote SonicWall is notified to give the user the relevant privileges.

    7. In User groups for legacy users with Internet access, enter the user group that corresponds to the legacy Allow Internet access (when access is restricted) privileges. When a user in this user group is authenticated, the remote SonicWall is notified to give the user the relevant privileges.

  4. Click Apply.
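
The RADIUS shared secret entered above is what protects each relayed login. The following added example (not SonicWall code) implements the RFC 2865 User-Password hiding and Response Authenticator check on both sides, so you can see what a mismatched secret on a remote unit produces. The secrets, user name, and password are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RFC 2865 attribute types

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side: reverse hide_password with the server's copy of the secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def _attr(kind, value):
    return bytes([kind, len(value) + 2]) + value

def build_access_request(ident, user, password, secret, req_auth=None):
    """Client side (remote unit): returns (packet, request authenticator)."""
    req_auth = req_auth or os.urandom(16)
    attrs = _attr(USER_NAME, user) + _attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs, req_auth

def build_response(code, ident, secret, req_auth, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def response_is_authentic(packet, secret, req_auth):
    """Client side: recompute the Response Authenticator with the local secret."""
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

# Constructed sample values, not taken from the page.
CENTRAL, REMOTE_TYPO = b"constructed-shared-secret", b"constructed-shared-secert"
pkt, ra = build_access_request(7, b"alice", b"constructed-password!", CENTRAL)
reply = build_response(ACCESS_ACCEPT, 7, CENTRAL, ra)
```

With matching secrets the central unit recovers the password and the remote unit accepts the reply; with `REMOTE_TYPO` on either side the recovered password is garbage and `response_is_authentic` returns False. RFC 2865 recommends a secret of at least 16 octets that is as unguessable as a well-chosen password.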
