How to Configure Active Directory based User Authentication

You Must Have:
A Microsoft server with Active Directory configured. In this example a Windows 2000 Server is configured as the Active Directory server.
A working DNS server. In this example the same Windows 2000 Server is also configured as the DNS server for the domain RANCHTEST3.com.
The Windows 2000 AD server connected to the network of the RN unit's management port.

Example addresses used throughout this procedure:
Windows 2000 Active Directory and DNS Server: IP address 10.1.2.107/24, host name windows2kserver.ranchtest3.com
Administrator's Local Management Station: IP address 10.1.2.105/24
RN Device Mgmt Port: IP address 10.12.125/24, host name RNBOX
Port 4 in Zone Webload 1: RN interface IP 10.1.4.1/24
Host to be authenticated against Active Directory, in Zone Webload 1: IP address 10.1.4.2/24, user name ad2user1, security profile p-ad2user1
1. Configure the host name on the RN device.
Log on to the RN web GUI and go to System Configuration > Mgmt Port Config > Management Port. Enter the host name (ex. RNBOX) and click Change Mgmt IP Settings.

2. Configure the DNS server address on the RN device.
Go to System Configuration > Mgmt Port Config > DNS Server Configuration. Enter the Primary IP (ex. 10.1.2.107) and click Change DNS Config.
3. On the Windows 2000 DNS server (IP 10.1.2.107), add a host (A) record for RNBOX, then verify that rnbox.ranchtest3.com resolves from the RN device's point of view.

4. On the Windows 2000 AD server (IP 10.1.2.107), add the user:
Start > Settings > Control Panel > Administrative Tools > Active Directory Users and Computers

5. Add the user as follows (ex. user name ad2user1, profile name p-ad2user1). Note that the Description field is used to define the user's security profile, so it must contain exactly the profile name, and that the Display name must be configured exactly the same as the user name. Once the user is created, right-click it and set the password. This user name and password combination is what the host user will enter to authenticate to the RN's network.
6. Configure the Active Directory server parameters on the RN device.
Log back on to the RN's web GUI. Go to Firewall Configuration > User Authentication > Authentication Server > Active Directory Server, enter the AD details and click Modify to save.
For this example:
Primary AD Server: windows2kserver.ranchtest3.com (note: use FQDN format; this is why the DNS server was configured in step 2)
AD Authentication Method: Plain Text (the user's password is sent to the AD server without encryption, so the path between the RN management port and the AD server must be a trusted network, as in the topology above)
Base Distinguished Name: cn=users,dc=ranchtest3,dc=com
Security Profile Attribute: description (the Description field of the Active Directory user object is used to define the user's security profile)

7. Create the user name on the RN device.
Go to Firewall Configuration > User Authentication > User Configuration, select Authentication Server: External Active Directory Server, enter the User Name (ex. ad2user1) and click Add User.
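The Plain Text method chosen in step 6 deserves a closer look, because it is what puts the user's password on the wire between the RN device and the AD server. The following Python is an added example, not part of the original page or of the RN device's software: it builds the LDAPv3 simple BindRequest (RFC 4511, BER-encoded) that a plain-text LDAP login consists of, decodes it back the way a packet sniffer on the management network would, and can send it to the AD server on port 389 to check a user's credentials before troubleshooting the device. It assumes the RN device binds with a DN formed from the user name and the Base DN above (cn=ad2user1,cn=users,dc=ranchtest3,dc=com), which the page does not state; the password S3cret! and the cleartext LDAP port 389 are also assumptions.

```python
"""Encode, decode and (optionally) send the LDAPv3 simple BindRequest that
a "Plain Text" Active Directory login consists of.

Added example, not from the original page or the RN device vendor.
Assumed: the device binds as cn=<user>,<Base DN>; port 389; sample password.
"""
import socket

BASE_DN = "cn=users,dc=ranchtest3,dc=com"   # Base DN from step 6 of the page
AD_HOST = "windows2kserver.ranchtest3.com"  # Primary AD Server from the page
LDAP_PORT = 389                             # assumed: cleartext LDAP port


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def user_dn(username: str, base_dn: str = BASE_DN) -> str:
    """Assumed DN construction: the user's CN under the configured Base DN."""
    return f"cn={username},{base_dn}"


def simple_bind_request(dn: str, password: str, msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = tlv(0x60,                                   # [APPLICATION 0] BindRequest
               tlv(0x02, b"\x03")                      # version INTEGER 3
               + tlv(0x04, dn.encode("utf-8"))         # name LDAPDN
               + tlv(0x80, password.encode("utf-8")))  # simple [0]: the password, verbatim
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)


def read_tlv(buf: bytes, pos: int):
    """Decode one BER TLV at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                   # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_simple_bind(msg: bytes):
    """What anyone capturing the packet recovers: (messageID, dn, password).
    Raises ValueError if the message is not a simple (plain text) bind."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body, 0)
    tag, bind, _ = read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _version, pos = read_tlv(bind, 0)
    _, dn, pos = read_tlv(bind, pos)
    tag, cred, _ = read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError("not a simple (plain text) bind")
    return int.from_bytes(mid, "big"), dn.decode("utf-8"), cred.decode("utf-8")


def simple_bind(host: str, dn: str, password: str, port: int = LDAP_PORT, timeout: float = 5) -> int:
    """Send the BindRequest to the server and return the LDAP resultCode
    (0 = success, 49 = invalidCredentials). Network-facing; not run by the test."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(simple_bind_request(dn, password))
        resp = s.recv(4096)
    _, body, _ = read_tlv(resp, 0)
    _, _, pos = read_tlv(body, 0)            # messageID
    tag, bindresp, _ = read_tlv(body, pos)
    if tag != 0x61:                          # [APPLICATION 1] BindResponse
        raise ValueError("unexpected protocolOp in response")
    _, code, _ = read_tlv(bindresp, 0)       # resultCode ENUMERATED
    return int.from_bytes(code, "big")


if __name__ == "__main__":
    pkt = simple_bind_request(user_dn("ad2user1"), "S3cret!")   # constructed sample
    print(pkt.hex())
    print(parse_simple_bind(pkt))            # the DN and password, readable as sent
```

Running the file prints the encoded request and then the tuple parse_simple_bind recovers from it, which contains the DN and the password exactly as typed; that is the practical meaning of the Plain Text setting, and the reason the AD server sits on the management port's network in this example rather than on a user-facing zone. To check credentials against the real server, call simple_bind(AD_HOST, user_dn("ad2user1"), "S3cret!"): 0 means the bind succeeded, 49 means the DN or password was rejected, which is the first thing to verify when a user cannot log in at step 11.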
8. Create the user security profile (ex. p-ad2user1).
Go to Firewall Configuration > Security Profiles. Click Firewall Rules for Security Profile, enter the Profile Name (ex. p-ad2user1) and a Profile Description, then click Add Profile. Click Done to close.

9. Create security policies for this profile.
This is similar to creating firewall rules for any zone. Go to Firewall Configuration > Security Profiles, select p-ad2user1 from the drop-down menu and create the security rules by clicking Add/Modify.

10. Enable the zones where user authentication is required (ex. Zone Webload 1).
Go to Firewall Configuration > User Authentication > General Configuration. Select the zone (ex. Zone Webload 1) in the left window and click Enable User Authentication. Once user authentication is enabled, the zone is listed in the right window. Note: the zone called Zone Webload 1 is configured on the RN device with port 4 as its member, and the RN interface IP for this physical zone is 10.1.4.1/24.

11. Any host connected to Zone Webload 1 must now authenticate before it can access network resources. As shown in the diagram, a host with IP 10.1.4.2/24 is in this zone, and its user needs a user ID and password to get onto the network. Log on to this host (10.1.4.2), open a web browser and enter the URL https://10.1.4.1, then enter the user name and password and click Login. (Note: the URL uses the RN interface IP of the zone the host is in.)
A message confirming successful authentication is displayed once the login completes. The host (10.1.4.2) now has the network resources defined by its security profile (p-ad2user1).
12. The administrator can monitor and administer user sessions under:
Firewall Configuration > User Authentication > User Administration
Firewall Configuration > User Authentication > Session Administration