2. Authentication Modes¶
NexLog DX-Series™ has four authentication modes available for configuration.
Local Recorder Authentication
Network File Share (SMB)
Lightweight Directory Access Protocol (LDAP)
Microsoft Active Directory
Table 2.1: Authentication Mode Comparison lists each mode and the noteable differences between them.
Local | SMB | LDAP | Active Directory | |
|---|---|---|---|---|
AD Password | • | • | • | |
AD Groups | • | • | ||
Single Sign-On | • | |||
Change Password | • | |||
Password Expiration | • | |||
Secure Transmission | • | • | • | |
Account Expirations | • | • | • | • |
Account Deactivation | • | • | • | • |
Automatic User Creation | • | • | ||
License Required | • | • |
- Local Recorder Authentication
This authentication mode is the default on any new NexLog DX-Series™ installation. Users and groups are managed directly on the NexLog DX-Series™ recorder.
- Network File Share
This mode requires that users and groups be manually created using the NexLog DX-Series™ web configuration manager. When a user logs in, their credentials are tested against the network share for read access. If the user can read the contents of the network share, they will be authenticated.
- Lightweight Directory Access Protocol
This mode interfaces with a Microsoft Windows Active Directory or OpenLDAP server. Groups created on the NexLog DX-Series™ must be mapped to a group on the LDAP server. Users are added to the LDAP group. When a user logs in, the recorder validates their login credentials and queries LDAP for their group memberships.
- Active Directory
This mode funtions the same as LDAP, but only works with Microsoft Windows Active Directory. The primary difference is that this mode allows automatic login by Single Sign-On (SSO).
2.1. Choosing the Right Mode¶
Selecting the correct authentication mode required for a NexLog DX-Series™ installation can reduce unnecessary setup and deployment time. The right mode can only be determined by a system administrator who is familiar with the users and operating environment.
Reference Table 2.1: Authentication Mode Comparison for a simple feature comparison of each mode.
If the NexLog DX-Series™ recorder is installed on a network without directory services, or you do not wish to sync users or passwords to an external source, Local Recorder Authentication should be used.
If the desire is for users to use the same password as other systems, and user creation and permissions can be done on the recorder, Network File Share (SMB) Authentication should be used.
If user accounts and their passwords should be maintained in a central directory, LDAP Authentication should be used.
If the central directory uses advanced authentication methods, like smart cards, and automatic login via Single Sign-On is desired, Active Directory Authentication must be used.
2.2. Setting the Authentication Mode¶
Fig. 2.1 Authentication Mode Selection - Unlicensed¶
The authentication mode can be set by logging into the web configuration manager, and navigating to .
For details on accessing the web configuration manager, consult the NexLog DX-Series™ system User Manual.
As seen in Figure 2.1, LDAP and Active Directory authentication require a license to enable.