This article answers frequently-asked questions about Datto appliance compatibility with common authentication methods.
Can the Datto appliance be configured to use the following types of authentication?
LDAP: Datto devices can authenticate to an LDAP server in the same way they authenticate to any other type of domain. LDAP is configured within your network infrastructure.
Radius: This form of authentication is only supported by appliances in the Datto Networking suite. It is not currently supported on SIRIS, Alto, or DNAS devices.
SSL: HTTPS and SSL are supported on Datto appliances running the IRIS 3 (Ubuntu 16.04) software stack. Because these devices use a self-signed certificate, you may receive a browser warning that the certificate is untrusted when accessing the appliance's GUI via HTTPS. If the appliance is on a managed switched network with no malicious activity, this warning can be disregarded.
To enable HTTPS on a Datto appliance, access the device's GUI and navigate to Configure → Device Settings → HTTPS → Enable HTTPS. The device will generate a self-signed certificate which will negotiate a bidirectionally tunneled authentication mechanism. SSL is included in the exchange.
PAP and SPAP: Not supported. PAP sends a username and password to the authentication server in plain text, and is not secure. It was primarily used when connecting to old Unix-based servers with no support for more advanced encryption protocols. SPAP uses a reversible encryption mechanism, and is also not secure.
CHAP: Datto appliances use CHAP authentication for iSCSI shares by default.
EAP: This form of authentication is 802.11x-based, and is only applicable to appliances in the Datto Networking suite. It is not supported on SIRIS, Alto, or DNAS devices.
Certificate services: Not currently supported.