SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell eDirectory Support


Document Scope

This document describes the integration of SonicOS Enhanced 3.2 with Lightweight Directory Access Protocol (LDAP) and how to configure a SonicWALL appliance to use LDAP for user authentication.

This document contains the following sections:

- LDAP Overview
- LDAP Directory Services Supported in SonicOS Enhanced
- New LDAP Support in SonicOS 3.2
- Support for LDAP Continuation References
- Support for the NIS and Samba SMB Schemas
- CHAP Support for L2TP Server Users with LDAP
- Schema Download from the LDAP Server
- Support for RFC1779 Escapes in User Group Names
- Configuring LDAP integration in SonicOS Enhanced
- Before you begin
- Configuring the SonicWALL Appliance for LDAP
- Further Information on LDAP Schemas
- RADIUS with LDAP for user groups

LDAP Overview

Lightweight Directory Access Protocol (LDAP) defines a directory services structure for storing and managing information about elements in your network, such as user accounts, user groups, hosts, and servers. Several different standards exist that use LDAP to manage user accounts, groups, and permissions. Some are proprietary systems, like Microsoft Active Directory, which you can manage using LDAP. Some are open standards, like Samba, which are implementations of the LDAP standards. Some are proprietary systems, like Novell eDirectory, which provide an LDAP API for managing the user repository information.

In addition to RADIUS and the local user database, SonicOS Enhanced supports LDAP, Microsoft Active Directory (AD), and Novell eDirectory directory services for user authentication.

LDAP Directory Services Supported in SonicOS Enhanced

In order to integrate with the most common directory services used in company networks, SonicOS Enhanced supports integration with the following LDAP schemas:

- Microsoft Active Directory
- RFC2798 InetOrgPerson
- RFC2307 Network Information Service
- Samba SMB
- Novell eDirectory
- User-defined schemas

SonicOS Enhanced provides support for directory servers running the following protocols:

- LDAPv2 (RFC3494)
- LDAPv3 (RFC , RFC3377)
- LDAPv3 over TLS (RFC2830)
- LDAPv3 with STARTTLS (RFC2830)
- LDAP Referrals (RFC2251)

LDAP Terms

The following terms are useful when working with LDAP and its variants:

Schema - The schema is the set of rules or the structure that defines the types of data that can be stored in a directory, and how that data can be stored. Data is stored in the form of entries.

Active Directory (AD) - The Microsoft directory service, commonly used with Windows-based networking. Microsoft Active Directory is compatible with LDAP.

eDirectory - The Novell directory service, used for Novell NetWare-based networking. Novell eDirectory has an LDAP gateway that can be used for management.

Entry - The data that is stored in the LDAP directory. Entries are stored in attribute/value (or name/value) pairs, where the attributes are defined by object classes. A sample entry would be cn=john where cn (common name) is the attribute, and john is the value.

Object class - Object classes define the type of entries that an LDAP directory may contain. A sample object class, as used by AD, would be user or group.

Microsoft Active Directory's classes can be browsed at <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/classes_all.asp>

Object - In LDAP terminology, the entries in a directory are referred to as objects. For the purposes of the SonicOS implementation of the LDAP client, the critical objects are User and Group objects. Different implementations of LDAP can refer to these object classes in different fashions. For example, Active Directory refers to the user object as user and the group object as group, while RFC2798 refers to the user object as inetorgperson and the group object as groupofnames.

Attribute - A data item stored in an object in an LDAP directory. The object can have required attributes or allowed attributes. For example, the dc attribute is a required attribute of the dcobject (domain component) object.

dn - A distinguished name, which is a globally unique name for a user or other object. It is made up of a number of components, usually starting with a common name (cn) component and ending with a domain specified as two or more domain components (dc). For example, cn=john,cn=users,dc=domain,dc=com

cn - The common name attribute is a required component of many object classes throughout LDAP.

ou - The organizational unit attribute is a required component of most LDAP schema implementations.

dc - The domain component attribute is commonly found at the root of a distinguished name, and is commonly a required attribute.

TLS - Transport Layer Security is the IETF standardized version of SSL (Secure Sockets Layer). TLS 1.0 is the successor to SSL

New LDAP Support in SonicOS 3.2

SonicOS Enhanced 3.2 adds five new features to its LDAP support:

- Support for LDAP Continuation References
- Support for the NIS and Samba SMB Schemas
- CHAP Support for L2TP Server Users with LDAP
- Schema Download from the LDAP Server
- Support for RFC1779 Escapes in User Group Names

Support for LDAP Continuation References

Support for Continuation References is added to LDAP in SonicOS 3.2 enhanced firmware. SonicOS 3.1 enhanced firmware supports LDAP Referrals but not Continuation References.

LDAP Referrals and Continuation References allow the SonicWALL to access LDAP directories on multiple LDAP servers through a single LDAP server. This is most frequently used for access to directories in sub (child) domains through the LDAP server for the parent domain.

LDAP Referrals and References give the SonicWALL UTM appliance access to directories hosted on different LDAP servers without the additional complexity of configuring all of them. The client is configured with a single primary LDAP server to which it sends its requests. Should a request require access to a part of the directory that is not hosted on that server, the server returns a referral giving the location of a different server to try. In the case of a search request, should the search encompass a part of the directory that is not hosted on that server in addition to the part that is, the server returns a reference giving the location of a different server to try for more results. Usually, the directory is split between multiple LDAP servers by domain, with each server hosting an entire domain. Support of Referrals and References is provided by OpenLDAP.

Login to any secondary servers will use the same credentials (name, password and location in the directory tree) as the primary LDAP server. To log in, those credentials will be used with each of the domains (other than the primary domain) from the configured user trees in turn. Once login is successful, the domain used will be recorded for future use by the secondary server.

Note: This may require creating a matching user account on each of the LDAP servers especially for the use of the SonicWALL.

Continuation References are similar to Referrals but are returned in search results to indicate that more results may be obtained by continuing the search on other given LDAP servers.

Using Continuation References

To simplify configuration in a small installation with sub domains, just one user and/or user group tree search can be configured. The tree search is set to the top of the directory tree on the parent domain (the parent domain itself). Continuation references to child domains under the parent domain are returned during user authentication and allow user authentication searches to encompass those users in sub domains of the parent domain.

Continuation references returned during auto-configuration of the user and user group trees are now followed. This allows the parent and all sub domains to be auto-configured in a single operation.

Use LDAP Continuation References when you have user trees on multiple servers, for example:

- server1.mydomain.com/users
- server2.mydomain.com/users
- server3.location2.mydomain.com/users
- server4.location3.mydomain.com/users

Configuring LDAP Continuation References

To configure SonicOS Enhanced 3.2 with LDAP Continuation References:

1. In the Users > Settings page of the administration interface, select LDAP or LDAP + Local Users for Authentication Method and click Configure.
2. In the LDAP Configuration dialog box, in the Directory tab, enter the name of your primary domain only in the Primary Domain, Trees Containing Users, and Trees Containing User Groups fields.

When searching for a user, it will automatically search all servers and sub domains within your primary domain.

LDAP Continuation References with Large User Trees

If you have a large user tree, it can be less efficient to use LDAP Continuation References. In this case it is more efficient to configure the servers and user trees manually into the LDAP settings.

For example, if you have a server at your primary location with a very large user tree and one at a second location where you only have a few people:

- headquarters.mydomain.com/users - 2,000 users
- location2.mydomain.com/users - 25 users

In this case, it would be best to have separate user and group trees configured for headquarters.mydomain.com, while a single location2.mydomain.com entry would suffice for the server with the smaller tree.

Support for the NIS and Samba SMB Schemas

SonicOS Enhanced 3.2 supports the RFC 2307 Network Information Service (NIS) schema and the Samba SMB schema that is derived from it.

RFC2307 Network Information Service is a mechanism for mapping network entities related to TCP/IP and the UNIX system, such as network hosts and Unix user accounts, to LDAP.

Samba Server Message Block Protocol (SMB) provides a method for client applications on a computer to read and write files on the network and to request services from server programs in a network.

Using NIS and Samba SMB

In the Schema tab of the LDAP Configuration dialog box, select either RFC2307 Network Information Service or Samba SMB from the LDAP Schema list.

When you select RFC2307 Network Information Service, the following fields are pre-populated:

User Objects:
- Object class: posixaccount
- Login name attribute: uid

User Group Objects:
- Object class: posixgroup
- Member attribute: memberuid is: User ID

When you select Samba SMB, the following fields are pre-populated:

User Objects:
- Object class: sambasamaccount
- Login name attribute: uid

User Group Objects:
- Object class: sambagroupmapping
- Member attribute: memberuid is: User ID

CHAP Support for L2TP Server Users with LDAP

CHAP (Challenge-Handshake Authentication Protocol) is a secure procedure for authenticating a user. CHAP is more secure than regular password authentication, because CHAP requires a two-way handshake for authentication. In CHAP:

1. After the initial link is made, the server sends a challenge message to the connection requestor. The requestor responds with a value obtained by using a one-way hash function.
2. The server checks the response by comparing it to its own calculation of the expected hash value.
3. If the values match, the authentication is acknowledged; otherwise, the connection is terminated.

At any time, the server can request the connected party to send a new challenge message.

CHAP is defined in RFC1334, available at <http://rfc.net/rfc1334.html>.

When configured for LDAP, SonicOS 3.2 allows CHAP authentication directly with LDAP in cases where the LDAP server can be configured to return user passwords to the SonicWALL appliance. In some cases, this may require the LDAP server to be configured to store passwords reversibly.

Note: Microsoft Active Directory does not support CHAP authentication with SonicWALL appliances.

Testing CHAP Authentication

In the Test tab of the LDAP Configuration dialog box, select the CHAP choice for Test. The default values to test CHAP are:

User: CHAP
Password: MSCHAP
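The CHAP handshake described above, and the reason it needs a password the directory can return, shown as an added example (not SonicWALL code). The response is MD5 over the identifier, the shared secret and the challenge, so the verifier must hold the same cleartext secret; the password, salt and identifier values are constructed for illustration.

```python
import hashlib
import hmac
import os


def new_challenge(length: int = 16) -> bytes:
    """Server side: a fresh random challenge for every authentication."""
    return os.urandom(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Requestor side: one-way hash over identifier octet || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_chap(identifier: int, challenge: bytes, response: bytes,
                stored_secret: bytes) -> bool:
    """Server side: recompute the expected hash and compare in constant time."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def ssha(password: bytes, salt: bytes) -> bytes:
    """A salted one-way password hash of the kind directories commonly store.

    It cannot be turned back into the password, so it is useless as the
    CHAP secret on the verifying side.
    """
    return hashlib.sha1(password + salt).digest() + salt


def demo() -> dict:
    password = b"correct horse"      # constructed sample password
    identifier = 7                   # constructed CHAP identifier
    challenge = new_challenge()

    # The requestor knows the cleartext password and answers the challenge.
    response = chap_response(identifier, password, challenge)

    return {
        # Directory returns the cleartext (reversibly stored) password.
        "cleartext_available": verify_chap(identifier, challenge, response, password),
        # Directory only holds a one-way hash: verification cannot succeed.
        "only_hash_available": verify_chap(
            identifier, challenge, response, ssha(password, b"salt1234")),
        # A captured response is useless against a new challenge.
        "replayed_on_new_challenge": verify_chap(
            identifier, new_challenge(), response, password),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The middle case is the trade-off behind the "store passwords reversibly" requirement: enabling CHAP means the directory holds recoverable passwords, so read access to that attribute should be limited to the account the appliance binds with.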

Schema Download from the LDAP Server

In SonicOS Enhanced 3.2, you can read details of the schema from the LDAP server. You can choose to either export the information to a file with a name of ldapschema_xxx.wri (where xxx is from the SonicWALL appliance's serial number), or you can have SonicOS use the information to automatically select the correct schema in the LDAP configuration.

If you are uncertain of your organization's LDAP schema, this provides a useful tool for examining the schema. You can also use the downloaded schema as a template for modifying a custom LDAP schema.

Downloading the Schema Definition

In the Schema tab of the LDAP Configuration dialog box, click the Read From Server button to download the schema.

Before you can download the schema, you must have configured in the LDAP Configuration dialog box:

- The correct name or address of the LDAP server entered in the Settings tab.
- The correct schema selected in the Schema tab.
- The correct primary domain, user trees, and user group trees in the Directory tab.

Support for RFC1779 Escapes in User Group Names

SonicOS Enhanced 3.2 has added support for RFC1779 special character escapes in group names. Prior to 3.2, SonicOS Enhanced only supported RFC1779 escapes in user names.

Certain characters require escaping when sent in LDAP requests, as per RFC1779, and that was not previously done for user group names. This meant that user group names containing characters such as commas would not be recognized when returned from the LDAP server to the SonicWALL.

RFC1779 escapes are required for names containing the following characters:

, + = " < > # ;

When SonicOS Enhanced encounters a user name or group name containing a character requiring an escape, it automatically sends it to or reads it from the LDAP server with the correct RFC1779 escape. You do not need to configure SonicOS Enhanced to use these escapes.

For more information, see
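Why an unescaped comma in a group name breaks matching, as an added example (not SonicOS code): it backslash-escapes the characters listed above, splits a distinguished name only on unescaped separators, and recovers the original group name. The group names and the ou=groups,dc=mydomain,dc=com base are constructed; quoted-string values, which RFC1779 also allows, are not handled here.

```python
# Characters the section lists as requiring an RFC1779 escape.
SPECIALS = ',+="<>#;'


def escape_value(value: str) -> str:
    """Backslash-escape special characters (and the backslash itself)."""
    out = []
    for ch in value:
        if ch in SPECIALS or ch == "\\":
            out.append("\\")
        out.append(ch)
    return "".join(out)


def unescape_value(value: str) -> str:
    """Reverse escape_value: drop each backslash and keep the next character."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def split_rdns(dn: str) -> list:
    """Split a DN into components on unescaped ',' or ';' separators."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch in ",;":
            parts.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).lstrip())
    return parts


def build_group_dn(group_name: str, base_dn: str) -> str:
    """Compose cn=<escaped name>,<base>; base_dn is assumed already valid."""
    return "cn=" + escape_value(group_name) + "," + base_dn


def group_name_from_dn(dn: str) -> str:
    """Return the unescaped value of the leading component of a DN."""
    first = split_rdns(dn)[0]
    _attr, _sep, value = first.partition("=")
    return unescape_value(value)


if __name__ == "__main__":
    base = "ou=groups,dc=mydomain,dc=com"        # constructed base DN
    name = "Sales, EMEA"                         # constructed group name

    good = build_group_dn(name, base)
    bad = "cn=" + name + "," + base              # what happens without escaping

    print(good, "->", split_rdns(good), "->", group_name_from_dn(good))
    print(bad, "->", split_rdns(bad), "->", group_name_from_dn(bad))
```

Without the escape, the group resolves as "Sales" with a stray "EMEA" component, so a policy written for "Sales, EMEA" never matches; with it, the name round-trips unchanged.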

Configuring LDAP integration in SonicOS Enhanced

Integrating your SonicWALL appliance with an LDAP directory service requires configuring your LDAP server to accept the management, installing the correct certificate on your SonicWALL appliance, and configuring the SonicWALL appliance to use the information from the LDAP Server.

Before you begin

Before beginning your LDAP configuration, you should prepare your LDAP server and your SonicWALL for LDAP over TLS support. This requires:

- Installing a server certificate on your LDAP server.
- Installing a CA (Certificate Authority) certificate for the issuing CA on your SonicWALL appliance.

To perform these tasks in an Active Directory environment:

1. Configuring the CA on the Active Directory server (skip steps a. through e. if Certificate Services are already installed):
   a. Navigate to Start>Settings>Control Panel>Add/Remove Programs
   b. Select Add/Remove Windows Components
   c. Select Certificate Services
   d. Select Enterprise Root CA when prompted.
   e. Enter the requested information. For detailed information on CA setup, see
   f. Launch the Domain Security Policy application: Start>Run>dompol.msc
   g. Open Security Settings > Public Key Policies
   h. Right click on Automatic Certificate Request Settings
   i. Select New > Automatic Certificate Request
   j. Step through the wizard, and select Domain Controller from the list.
2. Exporting the CA certificate from the AD server:
   a. Launch the Certification Authority application: Start>Run>certsrv.msc
   b. Right click on the CA you created, select properties
   c. On the General tab, click the View Certificate button
   d. From the Details tab, select Copy to File
   e. Step through the wizard, select the Base-64 Encoded X.509 (.cer) format
   f. Specify a path and filename to which to save the certificate.
3. Importing the CA certificate onto the SonicWALL:
   a. Browse to System > CA Certificates
   b. Select Add new CA certificate
   c. Browse to and select the certificate file you just exported
   d. Click the Import certificate button.

Configuring the SonicWALL Appliance for LDAP

The Users > Settings page in the administrative interface provides the settings for managing your LDAP integration:

1. In the SonicOS administrative interface, open the Users > Settings page.
2. In the Authentication Method list, select either LDAP or LDAP + Local Users.
3. Click Configure.
4. If you are connected to your SonicWALL appliance via HTTP rather than HTTPS, you will see a warning offering to change your connection to HTTPS. If you have HTTPS management enabled for the interface you are connected to (recommended), click Yes.
5. In the Settings tab of the LDAP Configuration window, configure:

Name or IP Address - Enter the FQDN or the IP address of the LDAP server against which you wish to authenticate. If using a name, be certain it can be resolved by your DNS server. Also, if using TLS with the Require valid certificate from server option, the name provided here must match the name to which the server certificate was issued (i.e. the CN) or the TLS exchange will fail.

Port Number - The default LDAP over TLS port number is TCP 636. The default LDAP (unencrypted) port number is TCP 389. If you are using a custom listening port on your LDAP server, specify it here.

Server timeout - The amount of time, in seconds, that the SonicWALL will wait for a response from the LDAP server before timing out. Allowable ranges are 1 to (in case you're running your LDAP server on a VIC-20 located on the moon), with a default of 10 seconds.

Anonymous Login - Some LDAP servers allow for the tree to be accessed anonymously. If your server supports this (MSAD generally does not), then you may select this option.

Login name - Specify a user name which has rights to log in to the LDAP directory. The login name will automatically be presented to the LDAP server in full dn notation. This can be any account with LDAP read privileges (essentially any user account); administrative privileges are not required. Note that this is the user's name, not their login ID (e.g. John Smith rather than jsmith).

Login password - The password for the user account specified above.

Protocol version - Select either LDAPv3 or LDAPv2. Most modern implementations of LDAP, including AD, employ LDAPv3.

Use TLS - Use Transport Layer Security (SSL) to log in to the LDAP server. It is strongly recommended that TLS be used to protect the username and password information that will be sent across the network. Most modern implementations of LDAP server, including AD, support TLS. Deselecting this default setting will provide an alert which must be accepted to proceed.

Send LDAP Start TLS Request - Some LDAP server implementations support the Start TLS directive rather than using native LDAP over TLS. This allows the LDAP server to listen on one port (normally 389) for LDAP connections, and to switch to TLS as directed by the client. AD does not use this option, and it should only be selected if required by your LDAP server.

Require valid certificate from server - Validates the certificate presented by the server during the TLS exchange, matching the name specified above to the name on the certificate. Deselecting this default option will present an alert, but exchanges between the SonicWALL and the LDAP server will still use TLS, only without issuance validation.

Local certificate for TLS - Optional, to be used only if the LDAP server requires a client certificate for connections. Useful for LDAP server implementations that return passwords to ensure the identity of the LDAP client (AD does not return passwords). This setting is not required for AD.

If your network uses multiple LDAP/AD servers with referrals, then select one as the primary server (probably the one that holds the bulk of the users) and use the above settings for that server. It will then refer the SonicWALL on to the other servers for users in domains other than its own. For the SonicWALL to be able to log in to those other servers, each server must have a user configured with the same credentials (user name, password and location in the directory) as per the login to the primary server. This may entail creating a special user in the directory for the SonicWALL login. Note that only read access to the directory is required.

6. Select the Schema tab:

LDAP Schema - Select Microsoft Active Directory, RFC2798 inetorgperson, RFC2307 Network Information Service, Samba SMB, Novell eDirectory, or user-defined. Selecting any of the predefined schemas will automatically populate the fields used by that schema with their correct values. Selecting user-defined will allow you to specify your own values; use this only if you have a specific or proprietary LDAP schema configuration.

Object class - This defines which attribute represents the individual user account to which the next two fields apply.

Login name attribute - This defines which attribute is used for login authentication:
- samaccountname for Microsoft Active Directory
- inetorgperson for RFC2798 inetorgperson
- posixaccount for RFC2307 Network Information Service
- sambasamaccount for Samba SMB
- inetorgperson for Novell eDirectory

Qualified login name attribute - If not empty, this specifies an attribute of a user object that sets an alternative login name for the user in format. This may be needed with multiple domains in particular, where the simple login name may not be unique across domains. This is set to mail for Microsoft Active Directory and RFC2798 inetorgperson.

User group membership attribute - This attribute contains the information in the user object of which groups it belongs to. This is memberof in Microsoft Active Directory. The other pre-defined schemas store group membership information in the group object rather than the user object, and therefore do not use this field.

Framed IP address attribute - This attribute can be used to retrieve a static IP address that is assigned to a user in the directory. Currently it is only used for a user connecting via L2TP with the SonicWALL's L2TP server. In future this may also be supported for Global VPN Client. In Active Directory the static IP address is configured on the Dial-in tab of a user's properties.

7. Select the Directory tab.

Primary Domain - Specify the user domain used by your LDAP implementation. For AD, this will be the Active Directory domain name, e.g. youraddomain.com. Changes to this field will, optionally, automatically update the tree information in the rest of the page. This is set to mydomain.com by default for all schemas except Novell eDirectory, for which it is set to o=mydomain.

User tree for login to server - The tree in which the user specified in the Settings tab resides. For example, in AD the administrator account's default tree is the same as the user tree.

Trees containing users - The trees where users commonly reside in the LDAP directory. One default value is provided which can be edited, and up to a total of 64 DN values may be provided. The SonicWALL searches the directory using them all until a match is found, or the list is exhausted. If you have created other user containers within your LDAP or AD directory, you should specify them here.

Trees containing user groups - Same as above, only with regard to user group containers, and a maximum of 32 DN values may be provided. These are only applicable when there is no user group membership attribute in the schema's user object, and are not used with AD.

All the above trees are normally given in URL format but can alternatively be specified as distinguished names (e.g. mydom.com/sales/users could alternatively be given as the DN ou=users,ou=sales,dc=mydom,dc=com). The latter form will be necessary if the DN does not conform to the normal formatting rules as per that example. In Active Directory the URL corresponding to the distinguished name for a tree is displayed on the Object tab in the properties of the container at the top of the tree.

Note: AD has some built-in containers that do not conform (e.g. the DN for the top level Users container is formatted as cn=users,dc=, using cn rather than ou) but the SonicWALL knows about and deals with these, so they can be entered in the simpler URL format.

Ordering is not critical, but since the trees are searched in the given order it is most efficient to place the most commonly used trees first in each list. If referrals between multiple LDAP servers are to be used, then the trees are best ordered with those on the primary server first, and the rest in the same order that they will be referred.

Note: When working with AD, to determine the location of a user in the directory for the User tree for login to server field, the directory can be searched manually from the Active Directory Users and Settings control panel applet on the server, or a directory search utility such as queryad.vbs in the Windows NT/2000/XP Resource Kit can be run from any PC in the domain.

Auto-configure - This causes the SonicWALL to auto-configure the Trees containing users and Trees containing user groups fields by scanning through the directory/directories looking for all trees that contain user objects. The User tree for login to server must first be set, and clicking the Auto-configure button then brings up the following dialog:

8. Select whether to append newly located trees to the current configuration, or to start from scratch removing all currently configured trees first, and then click OK. Note that it will quite likely locate trees that are not needed for user login, and some tidying up afterwards, manually removing such entries, is worthwhile.

If using multiple LDAP/AD servers with referrals, this process can be repeated for each, replacing the Domain to search accordingly and selecting Append to existing trees on each subsequent run.

9. Select the LDAP Users tab.

Allow only users listed locally - Requires that LDAP users also be present in the SonicWALL local user database for logins to be allowed.

User group membership can be set locally by duplicating LDAP user names - Allows for group membership (and privileges) to be determined by the intersection of local user and LDAP user configurations.

Default LDAP User Group - A default group on the SonicWALL to which LDAP users will belong in addition to group memberships configured on the LDAP server.

Group memberships (and privileges) can also be assigned simply with LDAP. By creating user groups on the LDAP/AD server with the same name as SonicWALL built-in groups (such as Guest Services, Content Filtering Bypass, Limited Administrators) and assigning users to these groups in the directory, or creating user groups on the SonicWALL with the same name as existing LDAP/AD user groups, SonicWALL group memberships will be granted upon successful LDAP authentication.

The SonicWALL appliance can retrieve group memberships more efficiently in the case of Active Directory by taking advantage of its unique trait of returning a memberof attribute for a user.

10. Select the LDAP Relay tab.

The RADIUS to LDAP Relay feature is designed for use in a topology where there is a central site with an LDAP/AD server and a central SonicWALL, with remote satellite sites connected into it via low-end SonicWALL security appliances that may not support LDAP. In that case the central SonicWALL can operate as a RADIUS server for the remote SonicWALLs, acting as a gateway between RADIUS and LDAP, and relaying authentication requests from them to the LDAP server.

Additionally, for remote SonicWALLs running non-enhanced firmware, with this feature the central SonicWALL can return legacy user privilege information to them based on user group memberships learned via LDAP. This avoids what can be very complex configuration of an external RADIUS server such as IAS for those SonicWALLs.

Enable RADIUS to LDAP Relay - Enables this feature.

Allow RADIUS clients to connect via - Check the relevant checkboxes and policy rules will be added to allow incoming RADIUS requests accordingly.

RADIUS shared secret - This is a shared secret common to all remote SonicWALLs.

User groups for legacy users - These define the user groups that correspond to the legacy Access to VPNs, Access from VPN client with XAUTH, Access from L2TP VPN client and Allow Internet access (when access is restricted) privileges respectively. When a user in one of the given user groups is authenticated, the remote SonicWALL will be informed that the user is to be given the relevant privilege.

Note: The Bypass filters and Limited management capabilities privileges are returned based on membership to user groups named Content Filtering Bypass and Limited Administrators; these are not configurable.

11. Select the Test tab.

The Test page allows for the configured LDAP settings to be tested by attempting authentication with specified user and password credentials. Any user group memberships and/or framed IP address configured on the LDAP/AD server for the user will be displayed.

Further Information on LDAP Schemas

- Microsoft Active Directory: Schema information is available at <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/active_directory_schema.asp> and <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_reference.asp>
- RFC2798 InetOrgPerson: Schema definition and development information is available at <http://rfc.net/rfc2798.html>
- RFC2307 Network Information Service: Schema definition and development information is available at <http://rfc.net/rfc2307.html>
- Samba SMB: Development information is available at <http://us5.samba.org/samba/>
- Novell eDirectory: LDAP integration information is available at <http://www.novell.com/documentation/edir873/index.html?page=/documentation/edir873/edir87 3/data/h html>
- User-defined schemas: See the documentation for your LDAP installation. You can also see general information on LDAP at <http://rfc.net/rfc1777.html>

RADIUS with LDAP for user groups

When RADIUS is used for user authentication, there is an option on the RADIUS Users page in the RADIUS configuration to allow LDAP to be selected as the mechanism for setting user group memberships for RADIUS users:

When that is selected, after authenticating a user via RADIUS, his/her user group membership information will be looked up via LDAP in the directory on the LDAP/AD server.

Clicking the Configure button launches the LDAP configuration window.

Note that in this case LDAP is not dealing with user passwords and the information that it reads from the directory is normally unrestricted, so operation without TLS could be selected, ignoring the warnings, if TLS is not available (e.g. if certificate services are not installed with Active Directory). However, it must be ensured that security is not compromised by the SonicWALL doing a clear-text login to the LDAP server, e.g. create a user account with read-only access to the directory dedicated for the SonicWALL's use. Do not use the administrator account in this case.

Rev A


INUVIKA OVD VIRTUAL DESKTOP ENTERPRISE INUVIKA OVD VIRTUAL DESKTOP ENTERPRISE MICROSOFT ACTIVE DIRECTORY INTEGRATION Agostinho Tavares Version 1.0 Published 06/05/2015 This document describes how Inuvika OVD 1.0 can be integrated with Microsoft

More information