
WALLIX Bastion

Trustelem Configuration

Before starting, make sure TrustelemConnect is installed on your server and that this application has been set up in the Trustelem admin Services tab.

LDAP-Radius


Bastion configuration

LDAP
  • Go to Configuration > External authentication

  • Create a new LDAP authentication

  • In the Authentication name field, choose a name for your LDAP authentication

  • In the Server and Port fields, enter the IP address of the server where TrustelemConnect is running and the port defined in the Trustelem admin Services tab

  • In the Timeout field, enter 30.0 seconds

  • Tick the Active Directory checkbox

  • Enter the LDAP Base DN provided in your Trustelem Bastion model in the Base DN field, and leave sAMAccountName in the Login attribute and User name attribute fields

    • Note: if Trustelem users don't have a "sAMAccountName" (local users), you can use "mail" instead. They will then authenticate on the Bastion using their Trustelem email address
  • In the User field, enter cn=[LDAP Service account provided by Trustelem],[LDAP Base DN], and enter the LDAP Password provided by Trustelem in the Password field

  • Click on Apply

RADIUS
  • Go to Configuration > External authentication

  • Create a new RADIUS authentication

  • In the Authentication name field, choose a name for your RADIUS authentication

  • In the Server and Port fields, enter the IP address of the server where TrustelemConnect is running and the port defined in the Trustelem admin Services tab

  • In the Timeout field, enter 30.0 seconds

  • Type the RADIUS Secret provided by Trustelem in the Secret field

  • Under Two-Factor Authentication, check Use primary domain name

  • Click on Apply

  • Use primary domain name:

    • if the LDAP users authenticate using a sAMAccountName that exists on Trustelem, you don't have to check "Use primary domain name".
    • if the LDAP users authenticate using a sAMAccountName that doesn't exist on Trustelem BUT the Bastion LDAP domain name matches the right part of the Trustelem email address (for instance wallix.com for user@wallix.com), check "Use primary domain name".
    • if the LDAP users authenticate using a mail, you don't have to check "Use primary domain name"

LDAP AD Domain
  • Create a new LDAP AD Domain
  • Add the correct LDAP/AD domain name.
    • if the LDAP users authenticate using a sAMAccountName that doesn't exist on Trustelem, the LDAP/AD domain name has to match the right part of the Trustelem email address (for instance wallix.com for user@wallix.com).
  • Add the Active Directory authentication
  • Add the RADIUS authentication
  • If you need to map users from Trustelem LDAP, use:
cn=[trustelem group],ou=groups,dc=o10332,dc=trustelem,dc=com*
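The LDAP settings above and the "Use primary domain name" rules are easy to get subtly wrong before clicking Apply. The following Python script is an added example (not WALLIX or Trustelem code) that models those rules so a configuration can be checked offline: it builds the search filter the Bastion will send for a login (sAMAccountName or mail) with RFC 4515 escaping, builds the bind DN from the service account CN and the Base DN with RFC 4514 escaping, and decides whether "Use primary domain name" is needed. It assumes that the flag makes the Bastion send login@<LDAP/AD domain> to the RADIUS side (an assumption drawn from the matching rule, not documented on this page); all account names, domains and the Base DN in the sample run are constructed values.

```python
"""Pre-flight checks for the Bastion <-> TrustelemConnect login mapping.

Added example modelling the rules in this guide; not WALLIX or Trustelem code.
"""

# RFC 4515: characters that must be escaped inside an LDAP search filter value.
# Escaping keeps a crafted login such as "x)(objectClass=*" from changing the
# meaning of the filter the Bastion sends to TrustelemConnect.
LDAP_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login_attribute: str, login: str) -> str:
    """Filter for the user lookup; only the two login attributes from the guide are allowed."""
    if login_attribute not in ("sAMAccountName", "mail"):
        raise ValueError(f"unsupported login attribute {login_attribute!r}")
    return f"({login_attribute}={ldap_filter_escape(login)})"


# RFC 4514: characters that must be escaped in a DN attribute value.
DN_SPECIAL = set(',+"\\<>;')


def dn_escape(value: str) -> str:
    """Escape one attribute value for use in a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def service_account_dn(service_account_cn: str, base_dn: str) -> str:
    """The User field value: cn=<service account>,<Base DN>."""
    return f"cn={dn_escape(service_account_cn)},{base_dn}"


def recommend_use_primary_domain(login_attribute: str, sam_exists_in_trustelem: bool,
                                 ad_domain: str, trustelem_email: str) -> bool:
    """Apply the three "Use primary domain name" rules from the guide.

    Raises ValueError when the sAMAccountName is unknown to Trustelem and the
    LDAP/AD domain does not match the email domain: no mapping is possible.
    """
    if login_attribute == "mail":
        return False                      # users log in with their Trustelem email
    if sam_exists_in_trustelem:
        return False                      # sAMAccountName resolves directly
    email_domain = trustelem_email.rsplit("@", 1)[-1].lower()
    if ad_domain.lower() != email_domain:
        raise ValueError(f"LDAP/AD domain {ad_domain!r} does not match the email "
                         f"domain {email_domain!r}; the login cannot be mapped")
    return True


def radius_identity(login: str, ad_domain: str, use_primary_domain: bool) -> str:
    """Identity sent to RADIUS (assumption: the flag appends '@<LDAP/AD domain>')."""
    return f"{login}@{ad_domain}" if use_primary_domain else login


if __name__ == "__main__":
    # Constructed sample configuration; replace with the values from your Trustelem Bastion model.
    base_dn = "dc=o10332,dc=trustelem,dc=com"
    print("bind DN :", service_account_dn("LDAP Service account", base_dn))
    print("filter  :", build_user_filter("sAMAccountName", "jdoe"))
    flag = recommend_use_primary_domain("sAMAccountName", False, "wallix.com", "jdoe@wallix.com")
    print("use primary domain name:", flag)
    print("RADIUS identity:", radius_identity("jdoe", "wallix.com", flag))
```

Run it once with your own Base DN, service account and a representative user to confirm the bind DN and filter look right and to see which of the three "Use primary domain name" cases applies; a ValueError means the LDAP/AD domain you are about to enter cannot map that user's login to a Trustelem account.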
