Skip to main content
Code42 Support

Use RADIUS and LDAP together

Applies to:
  • CrashPlan PROe

Overview

This tutorial explains how to configure your Code42 environment to support the use of RADIUS and LDAP together. Under this configuration, RADIUS is used for authentication, while LDAP handles other aspects of user management, such as user deactivation, role assignment, and organization assignment.

Considerations

  • Your enterprise servers must be running version 4.1.6.3 or later.
  • Users in your Code42 environment must have matching RADIUS and LDAP usernames.
Testing RADIUS and LDAP
As a best practice, we recommend configuring RADIUS and LDAP in a test organization first to verify the configuration works as expected. Then, implement the settings for existing organizations or within your top-level organization settings as described below.

Before you begin

Step 1: Configure organizations to use RADIUS and LDAP

Enable RADIUS and LDAP by modifying a specific organization or by modifying the top-level organization settings.

Option A: Enable RADIUS and LDAP for a specific organization

  1. Sign in to the administration console on your master server.
  2. Navigate to Organizations, then select the organization.
  3. From the Action menu, select Edit.
  4. Click Security.
    Enabling RADIUS and LDAP for an organization
  5. If necessary, deselect Inherit security settings from parent.
  6. Configure RADIUS as the authentication method:
    1. From Select an authentication method, choose RADIUS.
      The configured RADIUS servers appear.
    2. Select the RADIUS server that you want to offer for the organization.
  7. Configure LDAP as the directory service:
    1. From Select a directory service, select LDAP.
      The configured LDAP servers appear.
    2. Select an LDAP server.
  8. Click Save.

Option B: Enable RADIUS and LDAP for all organizations

Modify the top-level organization settings to enable RADIUS and LDAP for all organizations.

Disabling inheritance
If inheritance is disabled for an organization, that organization is not affected by changes to its parent organization.
  1. Sign in to the administration console on your master server.
  2. Navigate to Settings > Organization.
  3. Click Security.
  4. Configure RADIUS as the authentication method:
    1. From Select an authentication method, choose RADIUS.
      The configured RADIUS servers appear.
    2. Select the RADIUS server that you want to offer for the organization.
  5. Configure LDAP as the directory service:
    1. From Select a directory service, select LDAP.
      The configured LDAP servers appear.
    2. Select an LDAP server.
  6. Click Save.

Step 2: Add new users that sign in with RADIUS and LDAP

To allow new users to create their own accounts when they first sign in to a CrashPlan app, deploy a customized CrashPlan app that is configured to defer user passwords. Alternatively, you can use the administration console to create user accounts.

Option A: Deploy the CrashPlan app

Distribute the CrashPlan app installer to new users.

  • New users can register accounts in your Code42 environment by signing in with RADIUS credentials.
  • New users begin backing up the default file selection immediately without authenticating if all of the following conditions are met:
    • The organization is configured to auto-start backups.
    • The CrashPlan app is modified to contain the correct organization registration key.
    • The CrashPlan app is modified to defer the user's password.
      Users are not able to sign in to the CrashPlan app or restore unless they have a valid RADIUS account.
SharePlan registration
The SharePlan app cannot be used to register RADIUS-enabled user accounts. If your Code42 environment uses SharePlan, deploy the CrashPlan app to create user accounts before deploying the SharePlan app.

Option B: Add users in the Administration console

Use the administration console to add users to an organization that uses RADIUS.

  • Verify that the users in the organization exist in the RADIUS and LDAP servers used by the organization.
  • Make sure that the Code42 environment usernames match the RADIUS and LDAP usernames.
  • Was this article helpful?