.. _aam_authentication_server: aam authentication server ========================= Authentication server configuration server Specification -------------------- ===================================== ================================================================== **Parameter** **Value** ===================================== ================================================================== **Type** *Configuration Resource* **Element Name** server **Element URI** /axapi/v3/aam/authentication/server **Element Attributes** server_attributes **Partition Visibility** shared **Operational Data URI** /axapi/v3/aam/authentication/server/oper **Schema** :download:`server schema ` ===================================== ================================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/aam/authentication/server .. raw:: html :ref:`100_server_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/aam/authentication/server .. raw:: html :ref:`100_server_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/aam/authentication/server .. raw:: html :ref:`100_server_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/aam/authentication/server .. raw:: html :ref:`100_server_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/aam/authentication/server .. raw:: html :ref:`100_server_attributes` .. raw:: html
.. _100_server_attributes: server attributes ----------------- **ldap** **Description:** ldap is a **JSON Block**. Please see below for :ref:`100_ldap` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap ` **ocsp** **Description:** ocsp is a **JSON Block**. Please see below for :ref:`100_ocsp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp ` **radius** **Description:** radius is a **JSON Block**. Please see below for :ref:`100_radius` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/radius ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **windows** **Description:** windows is a **JSON Block**. Please see below for :ref:`100_windows` **Type:** Object **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/windows ` .. _100_windows: windows ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/windows/instance/{name} ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_windows_sampling-enable: windows_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'kerberos-request-send': Total Kerberos Request; 'kerberos-response-get': Total Kerberos Response; 'kerberos-timeout-error': Total Kerberos Timeout; 'kerberos-other-error': Total Kerberos Other Error; 'ntlm-authentication-success': Total NTLM Authentication Success; 'ntlm-authentication-failure': Total NTLM Authentication Failure; 'ntlm-proto-negotiation-success': Total NTLM Protocol Negotiation Success; 'ntlm-proto-negotiation-failure': Total NTLM Protocol Negotiation Failure; 'ntlm-session-setup-success': Total NTLM Session Setup Success; 'ntlm-session-setup-failed': Total NTLM Session Setup Failure; 'kerberos-request-normal': Total Kerberos Normal Request; 'kerberos-request-dropped': Total Kerberos Dropped Request; 'kerberos-response-success': Total Kerberos Success Response; 'kerberos-response-failure': Total Kerberos Failure Response; 'kerberos-response-error': Total Kerberos Error Response; 'kerberos-response-timeout': Total Kerberos Timeout Response; 'kerberos-response-other': Total Kerberos Other Response; 'kerberos-job-start-error': Total Kerberos Job Start Error; 'kerberos-polling-control-error': Total Kerberos Polling Control Error; 'ntlm-prepare-req-success': Total NTLM Prepare Request Success; 'ntlm-prepare-req-failed': Total NTLM Prepare Request Failed; 'ntlm-timeout-error': Total NTLM Timeout; 'ntlm-other-error': Total NTLM Other Error; 'ntlm-request-normal': Total NTLM Normal Request; 'ntlm-request-dropped': Total NTLM Dropped Request; 'ntlm-response-success': Total NTLM Success Response; 'ntlm-response-failure': Total NTLM Failure Response; 'ntlm-response-error': Total NTLM Error Response; 'ntlm-response-timeout': Total NTLM Timeout Response; 'ntlm-response-other': Total NTLM Other Response; 'ntlm-job-start-error': Total NTLM Job Start Error; 'ntlm-polling-control-error': Total NTLM Polling Control Error; 'kerberos-pw-expiry': Total Kerberos password expiry; 'kerberos-pw-change-success': Total Kerberos password change success; 'kerberos-pw-change-failure': Total Kerberos password change failure; 'kerberos-validate-kdc-success': Total Kerberos KDC Validation Success; 'kerberos-validate-kdc-failure': Total Kerberos KDC Validation Failure; 'kerberos-generate-kdc-keytab-success': Total Kerberos KDC Keytab Generation Success; 'kerberos-generate-kdc-keytab-failure': Total Kerberos KDC Keytab Generation Failure; 'kerberos-delete-kdc-keytab-success': Total Kerberos KDC Keytab Deletion Success; 'kerberos-delete-kdc-keytab-failure': Total Kerberos KDC Keytab Deletion Failure; 'kerberos-kdc-keytab-count': Current Kerberos KDC Keytab Count; **Type:** string **Supported Values:** all, kerberos-request-send, kerberos-response-get, kerberos-timeout-error, kerberos-other-error, ntlm-authentication-success, ntlm-authentication-failure, ntlm-proto-negotiation-success, ntlm-proto-negotiation-failure, ntlm-session-setup-success, ntlm-session-setup-failed, kerberos-request-normal, kerberos-request-dropped, kerberos-response-success, kerberos-response-failure, kerberos-response-error, kerberos-response-timeout, kerberos-response-other, kerberos-job-start-error, kerberos-polling-control-error, ntlm-prepare-req-success, ntlm-prepare-req-failed, ntlm-timeout-error, ntlm-other-error, ntlm-request-normal, ntlm-request-dropped, ntlm-response-success, ntlm-response-failure, ntlm-response-error, ntlm-response-timeout, ntlm-response-other, ntlm-job-start-error, ntlm-polling-control-error, kerberos-pw-expiry, kerberos-pw-change-success, kerberos-pw-change-failure, kerberos-validate-kdc-success, kerberos-validate-kdc-failure, kerberos-generate-kdc-keytab-success, kerberos-generate-kdc-keytab-failure, kerberos-delete-kdc-keytab-success, kerberos-delete-kdc-keytab-failure, kerberos-kdc-keytab-count .. _100_windows_instance-list: windows_instance-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **auth-protocol** **Description:** auth-protocol is a **JSON Block**. Please see below for :ref:`100_windows_instance-list_auth-protocol` **Type:** Object **health-check** **Description** Check server's health status **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **health-check-string** **Description** Health monitor name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/health/monitor ` **host** **Description:** host is a **JSON Block**. Please see below for :ref:`100_windows_instance-list_host` **Type:** Object **name** **Description** Specify Windows authentication server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-win-inst-tmpl ` **realm** **Description** Specify realm of Windows server **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sampling-enable** **Type:** List **support-apacheds-kdc** **Description** Enable weak cipher (DES CRC/MD5/MD4) and merge AS-REQ in single packet **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Specify connection timeout to server, default is 10 seconds **Type:** number **Range:** 1-255 **Default:** 10 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_windows_instance-list_host: windows_instance-list_host ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **hostip** **Description** Specify the Windows server's hostname(Length 1-31) or IP address **Type:** string **Format:** host **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Mutual Exclusion:** hostip and hostipv6 are mutually exclusive **hostipv6** **Description** Specify the Windows server's IPV6 address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** hostipv6 and hostip are mutually exclusive .. _100_windows_instance-list_sampling-enable: windows_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'krb_send_req_success': Kerberos Request; 'krb_get_resp_success': Kerberos Response; 'krb_timeout_error': Kerberos Timeout; 'krb_other_error': Kerberos Other Error; 'krb_pw_expiry': Kerberos password expiry; 'krb_pw_change_success': Kerberos password change success; 'krb_pw_change_failure': Kerberos password change failure; 'ntlm_proto_nego_success': NTLM Protocol Negotiation Success; 'ntlm_proto_nego_failure': NTLM Protocol Negotiation Failure; 'ntlm_session_setup_success': NTLM Session Setup Success; 'ntlm_session_setup_failure': NTLM Session Setup Failure; 'ntlm_prepare_req_success': NTLM Prepare Request Success; 'ntlm_prepare_req_error': NTLM Prepare Request Error; 'ntlm_auth_success': NTLM Authentication Success; 'ntlm_auth_failure': NTLM Authentication Failure; 'ntlm_timeout_error': NTLM Timeout; 'ntlm_other_error': NTLM Other Error; 'krb_validate_kdc_success': Kerberos KDC Validation Success; 'krb_validate_kdc_failure': Kerberos KDC Validation Failure; **Type:** string **Supported Values:** all, krb_send_req_success, krb_get_resp_success, krb_timeout_error, krb_other_error, krb_pw_expiry, krb_pw_change_success, krb_pw_change_failure, ntlm_proto_nego_success, ntlm_proto_nego_failure, ntlm_session_setup_success, ntlm_session_setup_failure, ntlm_prepare_req_success, ntlm_prepare_req_error, ntlm_auth_success, ntlm_auth_failure, ntlm_timeout_error, ntlm_other_error, krb_validate_kdc_success, krb_validate_kdc_failure .. _100_windows_instance-list_auth-protocol: windows_instance-list_auth-protocol ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **kdc-validate** **Description** Enable KDC validation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **kerberos-disable** **Description** Disable Kerberos authentication protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **kerberos-kdc-validation** **Description:** kerberos-kdc-validation is a **JSON Block**. Please see below for :ref:`100_windows_instance-list_auth-protocol_kerberos-kdc-validation` **Type:** Object **kerberos-password-change-port** **Description** Specify the Kerbros password change port, default is 464 **Type:** number **Range:** 1-65534 **Default:** 464 **kerberos-port** **Description** Specify the Kerberos port, default is 88 **Type:** number **Range:** 1-65534 **Default:** 88 **kport-hm** **Description** Check Kerberos port's health status **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** kport-hm and kport-hm-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **kport-hm-disable** **Description** Disable configured Kerberos port health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** kport-hm-disable and kport-hm are mutually exclusive **ntlm-disable** **Description** Disable NTLM authentication protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ntlm-health-check** **Description** Check NTLM port's health status **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ntlm-health-check and ntlm-health-check-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **ntlm-health-check-disable** **Description** Disable configured NTLM port health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ntlm-health-check-disable and ntlm-health-check are mutually exclusive **ntlm-version** **Description** Specify NTLM version, default is 2 **Type:** number **Range:** 1-2 **Default:** 2 .. _100_windows_instance-list_auth-protocol_kerberos-kdc-validation: windows_instance-list_auth-protocol_kerberos-kdc-validation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) **kdc-account** **Description** Specify account for KDC validation **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **kdc-password** **Description** Specify account password **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **kdc-pwd** **Description** Account password **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **kdc-spn** **Description** Specify SPN for KDC validation **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _100_ocsp: ocsp ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ocsp/instance/{name} ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_ocsp_sampling-enable: ocsp_sampling-enable ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'stapling-certificate-good': Total OCSP Stapling Good Certificate Response; 'stapling-certificate-revoked': Total OCSP Stapling Revoked Certificate Response; 'stapling-certificate-unknown': Total OCSP Stapling Unknown Certificate Response; 'stapling-request-normal': Total OSCP Stapling Normal Request; 'stapling-request-dropped': Total OCSP Stapling Dropped Request; 'stapling-response-success': Total OCSP Stapling Success Response; 'stapling-response-failure': Total OCSP Stapling Failure Response; 'stapling-response-error': Total OCSP Stapling Error Response; 'stapling-response-timeout': Total OCSP Stapling Timeout Response; 'stapling-response-other': Total OCSP Stapling Other Response; 'request-normal': Total OSCP Normal Request; 'request-dropped': Total OCSP Dropped Request; 'response-success': Total OCSP Success Response; 'response-failure': Total OCSP Failure Response; 'response-error': Total OCSP Error Response; 'response-timeout': Total OCSP Timeout Response; 'response-other': Total OCSP Other Response; 'job-start-error': Total OCSP Job Start Error; 'polling-control-error': Total OCSP Polling Control Error; **Type:** string **Supported Values:** all, stapling-certificate-good, stapling-certificate-revoked, stapling-certificate-unknown, stapling-request-normal, stapling-request-dropped, stapling-response-success, stapling-response-failure, stapling-response-error, stapling-response-timeout, stapling-response-other, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error .. _100_ocsp_instance-list: ocsp_instance-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **health-check** **Description** Check server's health status **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **health-check-string** **Description** Health monitor name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/health/monitor ` **http-version** **Description** Set HTTP version (default 1.0) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Specify OCSP authentication server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-ocsp-inst-tmpl ` **port-health-check** **Description** Check port's health status **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** port-health-check and port-health-check-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **port-health-check-disable** **Description** Disable configured port health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** port-health-check-disable and port-health-check are mutually exclusive **responder-ca** **Description** Specify the trusted OCSP responder's CA cert filename **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **responder-cert** **Description** Specify the trusted OCSP responder's cert filename **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **sampling-enable** **Type:** List **url** **Description** Specify the OCSP server's address (Format: http://host[:port]/) (The OCSP server's address(Format: http://host[:port]/)) **Type:** string **Format:** string-rlx **Maximum Length:** 255 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version-type** **Description** '1.1': HTTP version 1.1; **Type:** string **Supported Values:** 1.1 .. _100_ocsp_instance-list_sampling-enable: ocsp_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'request': Request; 'certificate-good': Good Certificate Response; 'certificate-revoked': Revoked Certificate Response; 'certificate-unknown': Unknown Certificate Response; 'timeout': Timeout; 'fail': Handle OCSP response failed; 'stapling-request': OCSP Stapling Request Send; 'stapling-certificate-good': OCSP Stapling Good Certificate Response; 'stapling-certificate-revoked': OCSP Stapling Revoked Certificate Response; 'stapling-certificate-unknown': OCSP Stapling Unknown Certificate Response; 'stapling-timeout': OCSP Stapling Timeout; 'stapling-fail': Handle OCSP response failed; **Type:** string **Supported Values:** all, request, certificate-good, certificate-revoked, certificate-unknown, timeout, fail, stapling-request, stapling-certificate-good, stapling-certificate-revoked, stapling-certificate-unknown, stapling-timeout, stapling-fail .. _100_radius: radius ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/radius/instance/{name} ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_radius_sampling-enable: radius_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'authen_success': Total Authentication Success; 'authen_failure': Total Authentication Failure; 'authorize_success': Total Authorization Success; 'authorize_failure': Total Authorization Failure; 'access_challenge': Total Access-Challenge Message Receive; 'timeout_error': Total Timeout; 'other_error': Total Other Error; 'request': Total Request; 'request-normal': Total Normal Request; 'request-dropped': Total Dropped Request; 'response-success': Total Success Response; 'response-failure': Total Failure Response; 'response-error': Total Error Response; 'response-timeout': Total Timeout Response; 'response-other': Total Other Response; 'job-start-error': Total Job Start Error; 'polling-control-error': Total Polling Control Error; 'accounting-request-sent': Accounting-Request Sent; 'accounting-success': Accounting Success; 'accounting-failure': Accounting Failure; **Type:** string **Supported Values:** all, authen_success, authen_failure, authorize_success, authorize_failure, access_challenge, timeout_error, other_error, request, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error, accounting-request-sent, accounting-success, accounting-failure .. _100_radius_instance-list: radius_instance-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **accounting-port** **Description** Specify the RADIUS server's accounting port, default is 1813 **Type:** number **Range:** 1-65534 **Default:** 1813 **acct-port-hm** **Description** Specify accounting port health check method **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** acct-port-hm and acct-port-hm-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **acct-port-hm-disable** **Description** Disable configured accounting port health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** acct-port-hm-disable and acct-port-hm are mutually exclusive **auth-type** **Description** 'pap': PAP authentication. Default; 'mschapv2': MS-CHAPv2 authentication; 'mschapv2-pap': Use MS-CHAPv2 first. If server doesn't support it, try PAP; **Type:** string **Supported Values:** pap, mschapv2, mschapv2-pap **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **health-check** **Description** Check server's health status **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **health-check-string** **Description** Health monitor name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/health/monitor ` **host** **Description:** host is a **JSON Block**. Please see below for :ref:`100_radius_instance-list_host` **Type:** Object **interval** **Description** Specify the interval time for resend the request (second), default is 3 seconds (The interval time(second), default is 3 seconds) **Type:** number **Range:** 1-1024 **Default:** 3 **name** **Description** Specify RADIUS authentication server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-rad-inst-tmpl ` **port** **Description** Specify the RADIUS server's authentication port, default is 1812 **Type:** number **Range:** 1-65534 **Default:** 1812 **port-hm** **Description** Check port's health status **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** port-hm and port-hm-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **port-hm-disable** **Description** Disable configured port health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** port-hm-disable and port-hm are mutually exclusive **retry** **Description** Specify the retry number for resend the request, default is 5 (The retry number, default is 5) **Type:** number **Range:** 1-32 **Default:** 5 **sampling-enable** **Type:** List **secret** **Description** Specify the RADIUS server's secret **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **secret-string** **Description** The RADIUS server's secret **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_radius_instance-list_host: radius_instance-list_host ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **hostip** **Description** Server's hostname(Length 1-31) or IP address **Type:** string **Format:** host **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Mutual Exclusion:** hostip and hostipv6 are mutually exclusive **hostipv6** **Description** Server's IPV6 address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** hostipv6 and hostip are mutually exclusive .. _100_radius_instance-list_sampling-enable: radius_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'authen_success': Authentication Success; 'authen_failure': Authentication Failure; 'authorize_success': Authorization Success; 'authorize_failure': Authorization Failure; 'access_challenge': Access-Challenge Message Receive; 'timeout_error': Timeout; 'other_error': Other Error; 'request': Request; 'accounting-request-sent': Accounting-Request Sent; 'accounting-success': Accounting Success; 'accounting-failure': Accounting Failure; **Type:** string **Supported Values:** all, authen_success, authen_failure, authorize_success, authorize_failure, access_challenge, timeout_error, other_error, request, accounting-request-sent, accounting-success, accounting-failure .. _100_ldap: ldap ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **instance-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap/instance/{name} ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_ldap_sampling-enable: ldap_sampling-enable ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'admin-bind-success': Total Admin Bind Success; 'admin-bind-failure': Total Admin Bind Failure; 'bind-success': Total User Bind Success; 'bind-failure': Total User Bind Failure; 'search-success': Total Search Success; 'search-failure': Total Search Failure; 'authorize-success': Total Authorization Success; 'authorize-failure': Total Authorization Failure; 'timeout-error': Total Timeout; 'other-error': Total Other Error; 'request': Total Request; 'request-normal': Total Normal Request; 'request-dropped': Total Dropped Request; 'response-success': Total Success Response; 'response-failure': Total Failure Response; 'response-error': Total Error Response; 'response-timeout': Total Timeout Response; 'response-other': Total Other Response; 'job-start-error': Total Job Start Error; 'polling-control-error': Total Polling Control Error; 'ssl-session-created': TLS/SSL Session Created; 'ssl-session-failure': TLS/SSL Session Failure; 'ldaps-idle-conn-num': LDAPS Idle Connection Number; 'ldaps-inuse-conn-num': LDAPS In-use Connection Number; 'pw-expiry': Total Password expiry; 'pw-change-success': Total password change success; 'pw-change-failure': Total password change failure; **Type:** string **Supported Values:** all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, request-normal, request-dropped, response-success, response-failure, response-error, response-timeout, response-other, job-start-error, polling-control-error, ssl-session-created, ssl-session-failure, ldaps-idle-conn-num, ldaps-inuse-conn-num, pw-expiry, pw-change-success, pw-change-failure .. _100_ldap_instance-list: ldap_instance-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **admin-dn** **Description** The LDAP server's admin DN **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **admin-secret** **Description** Specify the LDAP server's admin secret password **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-type** **Description** 'ad': Active Directory. Default; 'open-ldap': OpenLDAP; **Type:** string **Supported Values:** ad, open-ldap **base** **Description** Specify the LDAP server's search base **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **bind-with-dn** **Description** Enforce using DN for LDAP binding(All user input name will be used to create DN) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ca-cert** **Description** Specify the LDAPS CA cert filename (Trusted LDAPS CA cert filename) **Type:** string **Maximum Length:** 245 characters **Maximum Length:** 1 characters **default-domain** **Description** Specify default domain for LDAP **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **derive-bind-dn** **Description:** derive-bind-dn is a **JSON Block**. Please see below for :ref:`100_ldap_instance-list_derive-bind-dn` **Type:** Object **dn-attribute** **Description** Specify Distinguished Name attribute, default is CN **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Default:** cn **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **health-check** **Description** Check server's health status **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **health-check-string** **Description** Health monitor name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/health/monitor ` **host** **Description:** host is a **JSON Block**. Please see below for :ref:`100_ldap_instance-list_host` **Type:** Object **ldaps-conn-reuse-idle-timeout** **Description** Specify LDAPS connection reuse idle timeout value (in seconds) (Specify idle timeout value (in seconds), default is 0 (not reuse LDAPS connection)) **Type:** number **Range:** 0-86400 **Default:** 0 **name** **Description** Specify LDAP authentication server name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-ldap-inst-tmpl ` **port** **Description** Specify the LDAP server's authentication port, default is 389 **Type:** number **Range:** 1-65534 **Default:** 389 **port-hm** **Description** Check port's health status **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** port-hm and port-hm-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **port-hm-disable** **Description** Disable configured port health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** port-hm-disable and port-hm are mutually exclusive **prompt-pw-change-before-exp** **Description** Prompt user to change password before expiration in N days. This option only takes effect when server type is AD (Prompt user to change password before expiration in N days, default is not to prompt the user) **Type:** number **Range:** 1-999 **protocol** **Description** 'ldap': Use LDAP (default); 'ldaps': Use LDAP over SSL; 'starttls': Use LDAP StartTLS; **Type:** string **Supported Values:** ldap, ldaps, starttls **Default:** ldap **pwdmaxage** **Description** Specify the LDAP server's default password expiration time (in seconds) (The LDAP server's default password expiration time (in seconds), default is 0 (no expiration)) **Type:** number **Range:** 0-4294967295 **Default:** 0 **sampling-enable** **Type:** List **secret-string** **Description** secret password **Type:** string **Format:** password **Maximum Length:** 128 characters **Maximum Length:** 1 characters **timeout** **Description** Specify timout for LDAP, default is 10 seconds (The timeout, default is 10 seconds) **Type:** number **Range:** 1-255 **Default:** 10 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _100_ldap_instance-list_sampling-enable: ldap_instance-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'admin-bind-success': Admin Bind Success; 'admin-bind-failure': Admin Bind Failure; 'bind-success': User Bind Success; 'bind-failure': User Bind Failure; 'search-success': Search Success; 'search-failure': Search Failure; 'authorize-success': Authorization Success; 'authorize-failure': Authorization Failure; 'timeout-error': Timeout; 'other-error': Other Error; 'request': Request; 'ssl-session-created': TLS/SSL Session Created; 'ssl-session-failure': TLS/SSL Session Failure; 'pw_expiry': Password expiry; 'pw_change_success': Password change success; 'pw_change_failure': Password change failure; **Type:** string **Supported Values:** all, admin-bind-success, admin-bind-failure, bind-success, bind-failure, search-success, search-failure, authorize-success, authorize-failure, timeout-error, other-error, request, ssl-session-created, ssl-session-failure, pw_expiry, pw_change_success, pw_change_failure .. _100_ldap_instance-list_derive-bind-dn: ldap_instance-list_derive-bind-dn ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **username-attr** **Description** Specify attribute name of username **Type:** string **Format:** string-rlx **Maximum Length:** 31 characters **Maximum Length:** 1 characters .. _100_ldap_instance-list_host: ldap_instance-list_host ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **hostip** **Description** Server's hostname(Length 1-31) or IP address **Type:** string **Format:** host **Maximum Length:** 31 characters **Maximum Length:** 1 characters **Mutual Exclusion:** hostip and hostipv6 are mutually exclusive **hostipv6** **Description** Server's IPV6 address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** hostipv6 and hostip are mutually exclusive