Risks of Disabling eDirectory Account Policy Checking

With eDirectory integration, the RADIUS server can read the universal password from eDirectory. Therefore, if the account of the user is disabled or closed in eDirectory, the RADIUS server can still read the universal password and authorize the user. Also, the intruder detection facility of eDirectory will be bypassed.

To avoid the above risks, we strongly recommend that you enable the eDirectory account policy check so that the authorization fails if either the RADIUS server or the eDirectory server does not authorize the user.

Figure 2
eDirectory Account Policy Check Disabled
Figure 3
eDirectory Account Policy Check Enabled