Active Directory Integration Notes. Introduction. Overview



Similar documents
Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions

Integration Guide. Swivel Secure Authentication

Basic Configuration. Key Operator Tools older products. Program/Change LDAP Server (page 3 of keyop tools) Use LDAP Server must be ON to work

Active Directory LDAP Quota and Admin account authentication and management

PINsafe Manual. PINsafe Reference Manual Version 3.8

Getting Started with Clearlogin A Guide for Administrators V1.01

SchoolBooking LDAP Integration Guide

Active Directory Integration

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Setting up Sharp MX-Color Imagers for Inbound Fax Routing to or Network Folder

Configuring User Identification via Active Directory

This presentation explains how to integrate Microsoft Active Directory to enable LDAP authentication in the IBM InfoSphere Master Data Management

VERALAB LDAP Configuration Guide

SchoolBooking SSO Integration Guide

Quick Scan Features Setup Guide

Setting Up Sharp MX-Color Imagers To Scan To

Integrating Webalo with LDAP or Active Directory

Administration Guide. . All right reserved. For more information about Specops Password Sync and other Specops products, visit

Scan Features Minimum Requirements Guide WorkCentre M123/M128 WorkCentre Pro 123/ P42081

SCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Quality Center LDAP Guide

Active Directory Integration

Quick Scan Features Setup Guide. Scan to Setup. See also: System Administration Guide: Contains details about setup.

IMPLEMENTING DIRECTORY SERVICES INTEGRATION WITH HELIX MEDIA LIBRARY Revision Date: September 2014

Summary. How-To: Active Directory Integration. April, 2006

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Here, we will discuss step-by-step procedure for enabling LDAP Authentication.

Protected Trust Directory Sync Guide

PriveonLabs Research. Cisco Security Agent Protection Series:

Important Information

Active Directory Requirements and Setup

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

LDAP Directory Integration with Cisco Unity Connection

SharePoint AD Information Sync Installation Instruction

Cryoserver Archive Lotus Notes Configuration

IIS, FTP Server and Windows

Web Testing, Java Testing, Server Monitoring. AppPerfect Installation Guide

Toll Free: International:

Device Log Export ENGLISH

TypingMaster Intra. LDAP / Active Directory Installation. Technical White Paper (2009-9)

VMware Identity Manager Administration

HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

Group Management Server User Guide

SonicWALL Security Quick Start Guide. Version 4.6

Configuring Sponsor Authentication

Defender Token Deployment System Quick Start Guide

Overview How it works: Features: Page 1

OpenLDAP Oracle Enterprise Gateway Integration Guide

Adeptia Suite LDAP Integration Guide

VMware Identity Manager Administration

Fortigate SSL VPN 4 With PINsafe Installation Notes

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Using LDAP for User Authentication

Authentication Methods

Configuration Guide for Active Directory Integration

Fortigate SSL VPN 3.x With PINsafe Installation Notes

Configuring and Using the TMM with LDAP / Active Directory

Created by Hotline Support Konica Minolta Hotline Support (UK) V1.2

OneLogin Integration User Guide

User Service and Directory Agent: Configuration Best Practices and Troubleshooting

Skyward LDAP Launch Kit Table of Contents

Management, Logging and Troubleshooting

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Coveo Platform 7.0. Microsoft Active Directory Connector Guide

AD Self Password Reset Installation and configuration

Installation and Configuration Guide

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

FileCruiser. VA2600 SR1 Quick Configuration Guide

Using LDAP Authentication in a PowerCenter Domain

Managing User Accounts

Embedded Web Server Security

Cloudwork Dashboard User Manual

Security Provider Integration Kerberos Authentication

Configuring Global Protect SSL VPN with a user-defined port

Configuring MailArchiva with Insight Server

RoomWizard Synchronization Software Manual Installation Instructions

FaxCore 2007 Getting Started Guide (v1.0)

How to configure your client

Version 9. Active Directory Integration in Progeny 9

Contents About the Contract Management Post Installation Administrator's Guide... 5 Viewing and Modifying Contract Management Settings...

F-SECURE MESSAGING SECURITY GATEWAY

Using Microsoft Windows Authentication for Microsoft SQL Server Connections in Data Archive

SITRANS RD500 Configuring the RD500 with PSTN or GSM modems and Windows-based servers and clients for communication Objective:

Client configuration and migration Guide Setting up Thunderbird 3.1

Active Directory integration with CloudByte ElastiStor

InfoRouter LDAP Authentication Web Service documentation for inforouter Versions 7.5.x & 8.x

ECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7

Deploying RSA ClearTrust with the FirePass controller

BackupAssist Settings tab User guide

Using MailStore to Archive MDaemon

Embedded Web Server Security

Integrating LANGuardian with Active Directory

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

3rd Party VoIP Phone Setup Guide (Panasonic b)

NAS 206 Using NAS with Windows Active Directory

Transcription:

Active Directory Integration Notes Created July 2006 Revised October 2007 Table of Contents Active Directory Integration Notes... 1 Introduction... 1 Overview... 1 Prerequisites... 2 Installation... 2 Creating Active Directory Groups... 2 Configure the AD Repository Servers... 2 Configure the AD Authentication Information... 3 Create PINsafe Groups... 4 Configuring Transport Groups... 4 Auto Create PIN credentials (optional)... 5 Sync the AD Database... 5 Troubleshooting... 5 Additional Information... 5 Introduction This configuration document outlines how to integrate PINsafe using Active Directory as a source of user data. During operation most of the administration work for users is carried out on the Active Directory Server. An existing AD infrastructure can be used or a new one created. This document assumes creation of new AD groups. Overview PINsafe carries out an LDAP lookup on an Active Directory Domain to populate its own database. PINsafe 3.3 onwards allows multiple AD servers to provide user information as well as an internal XML database. The following steps are required: 1. On the AD server configure authentication groups and populate users with mobile phone numbers and email addresses where required. 2. Create an AD Repository Server 3. Configure the AD authentication Information 4. On the PINsafe Server select Repository/Groups and enter the Repository Group names 5. Configure a Transport for sending security strings 6. Auto PIN creation (optional but recommended) 7. Sync the AD database. Hints: Ensure transports and alerts are working with XML users and test the configuration with a small number of users

Prerequisites Active Directory with administrator rights Active Directory login service account for PINsafe Active directory populated fields for example mobile numbers and email addresses PINsafe server LDAP browser (optional but recommended) Installation Creating Active Directory Groups Users are added to Active Directory (AD) groups to allow them access to differing authentication resources. By creating additional AD groups different configurations can be made to suit the required environment. The following documentation assumes the following configuration: PINsafe Users - who have access to all authentication methods PINsafe Administrators who have access to all authentication methods and admin rights Create a Swivel Organizational Unit (OU) Right Click on the domain then select New and then OU, enter the name Swivel Within the Swivel OU create a PINsafeAdmin Container (CN) Right click on the Swivel OU then select New Group, enter the name PINsafeAdmin Within the Swivel OU create a PINsafeUsers Container (CN) Right click on the Swivel OU then select New Group, enter the name PINsafeUsers Add users to the PINsafeUsers and PINsafeAdmin group as appropriate Configure the AD Repository Servers On the PINsafe Server select Repository/General and create an Active Directory Repository, the name should appear on the left hand side below Repository.

Configure the AD Authentication Information Select the Repository/<AD Name> you have created and enter the username and password and Active Directory Server IP address. (Note this should be an account without a regular password expiry). The user must be an account with rights to the system and the UPN (User Principle Name) must be specified, (e.g. user@mydomain.com).

Create PINsafe Groups On the PINsafe Server select Repository/Groups and enter the Repository Group names corresponding to those created in Active Directory. Leave the fields blank that are not required. The input fields are case sensitive. Use an LDAP browser if unsure of the path. The format must be: CN=<AD Container>,OU=<Organizational Unit>,DC=<mydomain>,DC=<com> Example: CN=PINsafeAdmin,OU=Swivel,DC=swivelsecure,DC=com Configuring Transport Groups Configure Transport for sending security strings (Repository Group) and alerts (Alert Repository Group). For SMS use destination attribute : mobile, for SMTP use destination attribute mail. Note: If using the Telephone Number field in AD instead of the mobile field, then the destination attribute telephonenumber needs to be specified. Hint: Test that all Transports are working. Note if using AD users and XML users you will have to use separate Transports to specify the different destination attributes.

Auto Create PIN credentials (optional) On the PINsafe Server select Server/Authentication Policy and set Create Pin Credentials to Yes. This is recommended for large numbers of AD users. Sync the AD Database On the PINsafe Server select User Admin and from the repository the AD server name then click on sync now. Users should appear. Troubleshooting Check the PINsafe server logs and system event logs for any errors or lack of communication. SEVERE Exception occurred: javax.naming.authenticationexception: [LDAP: error code 49-80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ] AuthenticationException: This can be seen when an incorrect authentication is made against an AD domain. Check the username and password. ERROR Exception occurred: during repository attribute query, object:<name>, attribute: samaccountname, exception:java.naming.invalidnameexception:<name>: [LDAP: error code 34 000208F: NameErr: DSID-031001B3, problem 2006 (BAD_NAME), data 8350, best match of: <name> ]; remaining name <name> InvalidNameException: Names have failed to be found and existing names are not found. Check the AD paths and names. Use an LDAP browser (such as Softerra which produce a freeware LDAP browser) to find the correct authentication information to the PINsafe server. admin:exception occured during repository group member query, group: CN=VPN,OU=TEST,DC=TEST,DC=LOCAL, exception javax.naming.communicationexception: 192.168.0.1:389 [Root exception is java.net.connectexception: Connection timed out: connect] CommunicationException: There is a connectivity problem between the PINsafe server and the AD server Additional Information For assistance in the PINsafe installation and configuration please contact support at support@nappliance.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information