Active Directory Schema modification in SafeWord RemoteAccess




APPLICATION NOTE

This application note provides background on SafeWord RemoteAccess modification of Microsoft's Active Directory schema, and approved best practices for making the modification consistent with Microsoft's recommendations.

www.securecomputing.com

Table of Contents

Overview
Schema extension recommendations
Best practices
Application requirements for shipping
Attribute modified by SafeWord RemoteAccess
For more information

86-0944477-A

Overview

SafeWord RemoteAccess adds strong authentication to VPNs, RADIUS devices, Citrix MetaFrame applications, and Outlook Web Access, positively identifying remote users. SafeWord RemoteAccess delivers security through one-time passcode-generating hardware tokens. Only the SafeWord server knows which passcode will allow the user to gain access, which eliminates threats from outsiders stealing, copying, or reusing passwords to gain unauthorized access. SafeWord RemoteAccess is managed directly from Microsoft Active Directory, allowing administrators to easily manage tokens and users.

Schema extension recommendations

Some network administrators and IT staff members have expressed reluctance to install applications that extend the Active Directory schema, as evidenced in several online discussion groups. While Microsoft's knowledge base advises caution when making changes to the Active Directory schema, Microsoft expressly encourages extending the AD schema to extend the Active Directory definition, provided the extension follows Microsoft's recommendations.

Best practices

Microsoft recommends only using schema extensions that follow recommended best practices. SafeWord RemoteAccess follows Microsoft's best practices list, which can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/adschemaext.asp.

Microsoft's Best Practices list includes the following guidelines for extending the schema:

• The schema is neither a database nor a file system. Do not treat it as such.
• Place references in the directory that point to other data stores instead of using the directory for something for which it was not designed.
• Only define globally interesting, relatively static information in the schema.
• Objects defined in the schema should not be created very often nor modified frequently.
• Objects should have a long life.
• Use twice the maximum replication frequency when determining longevity or frequency.
• Test the application in a private forest and with other applications before deploying.
• The schema upgrade must be separate from the application installation.

SafeWord RemoteAccess has followed the Microsoft recommendations to create the SafeWord RemoteAccess Active Directory extension.

Application requirements for shipping

Microsoft offers some caveats for schema extensions that ship with applications such as SafeWord RemoteAccess. These caveats have been followed: a separate install has been created for SafeWord RemoteAccess, and the following steps recommended by Microsoft have been implemented:

• The application must use a registered prefix and base OID for each class and attribute.
• The application must have a unique schemaidguid for each class and attribute.
• LDIF files for your schema installation must be created.
• The application uses LDIFDE.exe to load the LDIF files.
• The application and schema extensions were tested on Secure Computing's local network.

Attribute modified by SafeWord RemoteAccess

The following provides details about the LDIF file imported by SafeWord RemoteAccess, and changes made to Active Directory.

LDIF File

# New attribute: case-insensitive string (syntax 2.5.5.4, oMSyntax 20),
# included in the global catalog partial attribute set.
dn: CN=SecureComputing-Com-2000-SafeWord-UserID,CN=Schema,CN=Configuration,DC=ncheng,DC=net
changetype: add
objectclass: attributeschema
attributesyntax: 2.5.5.4
omsyntax: 20
attributeid: 1.2.840.113556.1.4.7000.233.28688.28684.8.326285.1218988.1993081.788993.1
ldapdisplayname: securecomputingcom2000-safeword-userid
ismemberofpartialattributeset: TRUE

User class modification

# Allow the new attribute (referenced by its OID) on the user class.
dn: cn=user,cn=schema,cn=configuration,dc=ncheng,dc=net
changetype: modify
add: maycontain
maycontain: 1.2.840.113556.1.4.7000.233.28688.28684.8.326285.1218988.1993081.788993.1
-
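A pre-import review of a schema LDIF file such as the one above, as an added example that is not part of the application note or of SafeWord RemoteAccess: it unfolds wrapped LDIF lines, lists the attributes and class changes the file would make, and flags the schemaidguid requirement from the list above plus global catalog replication. The function names and finding wording are assumptions of this example; the sample input is constructed from the two records printed in this note.

```python
import re

# Constructed sample: this note's two records, OID folded as LDIF allows
# (a continuation line starts with exactly one space).
SAMPLE_LDIF = """\
dn: CN=SecureComputing-Com-2000-SafeWord-UserID,CN=Schema,CN=Configuration,DC=ncheng,DC=net
changetype: add
objectclass: attributeschema
attributesyntax: 2.5.5.4
omsyntax: 20
attributeid: 1.2.840.113556.1.4.7000.233.28688.28684.8.326285.1218988.199308
 1.788993.1
ldapdisplayname: securecomputingcom2000-safeword-userid
ismemberofpartialattributeset: TRUE

dn:cn=user,cn=schema,cn=configuration,dc=ncheng,dc=net
changetype: modify
add: maycontain
maycontain: 1.2.840.113556.1.4.7000.233.28688.28684.8.326285.1218988.199308
 1.788993.1
-
"""

def parse_ldif(text):
    """Unfold continuation lines, then return one (key, value) list per record."""
    unfolded = re.sub(r"\r?\n ", "", text)
    records = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        parts = (l.partition(":") for l in block.splitlines() if not l.startswith("#"))
        # "-" separator lines carry no value and are skipped; "::" marks base64.
        records.append([(k.strip().lower(), v.lstrip(":").strip()) for k, _, v in parts if v])
    return records

def review_schema_ldif(text):
    """Summarise the schema changes and collect points to check before import."""
    new_attrs, class_changes, findings = {}, [], []
    for pairs in parse_ldif(text):
        rec = dict(pairs)
        if rec.get("changetype") == "add" and rec.get("objectclass", "").lower() == "attributeschema":
            oid = rec.get("attributeid")
            new_attrs[oid] = rec.get("ldapdisplayname")
            if "schemaidguid" not in rec:
                findings.append(f"{oid}: no schemaIDGUID line in record")
            if rec.get("ismemberofpartialattributeset", "").upper() == "TRUE":
                findings.append(f"{oid}: replicated to the global catalog")
        elif rec.get("changetype") == "modify":
            for ref in (v for k, v in pairs if k == "maycontain"):
                class_changes.append((rec["dn"], ref))
                if ref not in new_attrs and ref not in new_attrs.values():
                    findings.append(f"{rec['dn']}: mayContain {ref} not defined in this file")
    return new_attrs, class_changes, findings
```

Run on the sample, it reports one new attribute, one change to the user class, and two findings: the printed record carries no schemaIDGUID line, and the attribute is flagged for global catalog replication.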

For more information

If you have additional questions or concerns on the implementation of the Active Directory schema extensions in SafeWord RemoteAccess, contact sales@securecomputing.com or visit: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/adschemaext.as


Product names used within are trademarks of their respective owners. Copyright 2004 Secure Computing Corporation. All rights reserved.