Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

Similar documents
Configuring Sponsor Authentication

Active Directory 2008 Implementation. Version 6.410

PineApp Surf-SeCure Quick

How To - Implement Single Sign On Authentication with Active Directory

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

Integrating Webalo with LDAP or Active Directory

Installation and Administration Guide For Windows / Linux

Summary. How-To: Active Directory Integration. April, 2006

Configuring User Identification via Active Directory

Enabling single sign-on for Cognos 8/10 with Active Directory

1 Introduction. Ubuntu Linux Server & Client and Active Directory. Page 1 of 14

1 Introduction. Windows Server & Client and Active Directory.

VMware Identity Manager Administration

PriveonLabs Research. Cisco Security Agent Protection Series:

IIS, FTP Server and Windows

Sample Configuration: Cisco UCS, LDAP and Active Directory

Configuring HP Integrated Lights-Out 3 with Microsoft Active Directory

Configuring and Using the TMM with LDAP / Active Directory

NetIQ Advanced Authentication Framework - MacOS Client

How to Configure Active Directory based User Authentication

Integrating LANGuardian with Active Directory

Administration Guide. . All right reserved. For more information about Specops Password Sync and other Specops products, visit

To enable an application to use external usernames and passwords, you need to first configure CA EEM to use external directories.

Dell KACE K1000 Management Appliance. Service Desk Administrator Guide. Release 5.3. Revision Date: May 13, 2011

Here, we will discuss step-by-step procedure for enabling LDAP Authentication.

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Integrating VMware Horizon Workspace and VMware Horizon View TECHNICAL WHITE PAPER

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

How to Logon with Domain Credentials to a Server in a Workgroup

Using LDAP Authentication in a PowerCenter Domain

F-Secure Messaging Security Gateway. Deployment Guide

Getting Started with Clearlogin A Guide for Administrators V1.01

How To Configure A Bomgar.Com To Authenticate To A Rdius Server For Multi Factor Authentication

Click Studios. Passwordstate. Installation Instructions

NETASQ SSO Agent Installation and deployment

Defender Token Deployment System Quick Start Guide

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

INUVIKA OVD VIRTUAL DESKTOP ENTERPRISE

Configuring MailArchiva with Insight Server

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Dell KACE K1000 System Management Appliance Version 5.4. Service Desk Administrator Guide

qliqdirect Active Directory Guide

Active Directory Requirements and Setup

CLEO NED Active Directory Integration. Version 1.2.0

Active Directory Integration

LDAP and Active Directory Guide

VMware Identity Manager Administration

Installation and Configuration Guide

Using LDAP for User Authentication

NSi Mobile Installation Guide. Version 6.2

TopEase Single Sign On Windows AD

CA Performance Center

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

HP Device Manager 4.6

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

Windows 2000 Active Directory Configuration Guide

Security Provider Integration RADIUS Server

Click Studios. Passwordstate. Installation Instructions

Troubleshooting Active Directory Server

Device Log Export ENGLISH

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

MailArchiva Enterprise Edition V2.1

WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide

ProxySG TechBrief LDAP Authentication with the ProxySG

LDAP User Guide PowerSchool Premier 5.1 Student Information System

HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

Basic Exchange Setup Guide

Application Note. ShoreTel 9: Active Directory Integration. Integration checklist. AN June 2009

Authentication Methods

Security Provider Integration Kerberos Authentication

Getting Started Guide

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

LDAP Authentication and Authorization

Deploying RSA ClearTrust with the FirePass controller

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

This presentation explains how to integrate Microsoft Active Directory to enable LDAP authentication in the IBM InfoSphere Master Data Management

Sophos UTM Web Application Firewall for Microsoft Exchange connectivity

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor

Management Utilities Configuration for UAC Environments

PGP Desktop LDAP Enterprise Enrollment

RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide

Deploying ModusGate with Exchange Server. (Version 4.0+)

User-ID Best Practices

TypingMaster Intra. LDAP / Active Directory Installation. Technical White Paper (2009-9)

OnCommand Performance Manager 1.1

MadCap Software. Upgrading Guide. Pulse

Skyward LDAP Launch Kit Table of Contents

Quick Start Guide. Sendio System Protection Appliance. Sendio 5.0

Installation and Configuration Guide

How To Install Ctera Agent On A Pc Or Macbook With Acedo (Windows) On A Macbook Or Macintosh (Windows Xp) On An Ubuntu (Windows 7) On Pc Or Ipad

Siteminder Integration Guide

Integrating PISTON OPENSTACK 3.0 with Microsoft Active Directory

Basic Exchange Setup Guide

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

SINGLE SIGN-ON FOR MTWEB

POP3 Connector for Exchange - Configuration

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

Transcription:

DataCove DT Active Directory Authentication In Active Directory (AD) authentication mode, the server uses NTLM v2 and LDAP protocols to authenticate users residing in Active Directory. The login procedure is a five step process: 1. DataCove authenticates with Active Directory using a service computer account (you ll see later how this computer account is created) 2. DataCove searches for the login user in Active Directory using the login name 3. DataCove binds (authenticates) with the login user using the supplied password 4. DataCove assigns a role to the user based on the defined role assignments 5. DataCove extracts the user s email addresses from the mail LDAP attribute for use in search filtering Note: If you are upgrading from earlier versions of DataCove, you should know that DataCove s authentication mechanism has changed from Kerberos to NTLM v2 authentication. NTLM v2 authentication requires that the service account is a computer account, not a normal user account. Thus, to upgrade, you will need to create a computer account in AD, set a password on the computer password using the scripts provided, and change the service account to service$@business.local. Note the dollar ($) sign in the service account UPN is used to denote a computer account (as opposed to a user account in Active Directory). Field Description Example DNS IP Address Active Directory Address IP address of your DNS server. It is used to resolve fully qualified domain names The fully qualified domain name of Active Directory 192.168.0.1 active.business.local

Base DN The distinguished name of the location in dc=company,dc=com AD where DataCove should start searching for end-user entries. Service Account The FQDN of the service computer in AD. service$@business.local Login Service Account The service computer password Password Mail Attribute The mail attribute where the user s email ProxyAddresses addresses are obtained Email Value The regular expression used to extract the SMTP:(*.) email value from the mail attribute. Bind Attribute The attribute used to search for the user SAMAccountName using login username in AD s LDAP. Leave this as is, unless you want users to be able to login using email address, or some other attribute. NTLM When NTLM authentication is enabled, Disabled Authentication DataCove will perform single-sign-on authentication with the users session. Active Directory Configuration Table In order to authenticate with Active Directory, DataCove requires that a new computer account is created in Active Directory and that a password to the account is set. While it is possible to create a new Computer using Active Directory Users and Computers, there is currently no way from the GUI to set passwords on Computer accounts. For this purpose, a VBS script called ADSetupWizard.vbs is created. The script, when executed with Domain Administrator privileges, will automatically create a Computer in Active Directory and set a password on the Computer account. It will also output the AD configuration settings that are appropriate for your setup. 1. You need to run the provided VBS script called ADSetupWizard.vbs. 2. Login to any computer nearby to (and including...) the DataCove server as a Domain Administrator. Copy the ADSetupWizard.vbs script to the local machine and run it. 3. Follow the Wizard instructions to create new service Computer account in Active Directory and a set a password on the service account. 4. When the Wizard completes, take note of the settings needed to define the AD settings in DataCove. 5. Open the DataCove Configuration console; select the Logins menu on the left. Choose Active Directory authentication and enter the settings outputted by the AD Wizard. 6. Next, click the New Role Assignment button to create a mapping between a Role in DataCove and an Active Directory attribute.

Note: If the ADSetupWizard.vbs script generates the error Access Denied 80070005, it may be necessary to temporarily disable Windows UAC on the machine where the script is executed. Note: If you experience problems running the ADSetupWizard.vbs script, as an alternative, you can create a computer manually in using Active Directory Users and Computers. Thereafter, run the SetComputerPassword.vbs script to set the computer password Note: Microsoft requires that the user assigned the impersonation rights should not also have administrator rights assigned. When assigning roles to Active Directory users, it is necessary to select a role, select an LDAP attribute and enter a match criterion. Field Role LDAP Attribute Match Criterion Description Role to be assigned LDAP attribute to use for the role assignment A value that is compared against a corresponding LDAP attribute in Active Directory for an authenticating user. Role Assignment Field Table To complete the attribute and match criterion fields, it is useful to understand how roles are assigned to users during console authentication. A user in Active Directory has a set of LDAP attributes associated with it. These attributes are essentially properties about the user (e.g. account name, user group, etc.). During console authentication, once the user has been identified, the value of the attribute selection is retrieved from Active Directory. This value is compared against the value entered in the match criterion field. If there is a match, the selected role is assigned to the user. To assign a role to a Windows user, select SAMAccountName as the LDAP attribute and enter the user s name in the match criterion field. To assign a role to all users within a user group, select memberof in the attribute field and enter the distinguished name of the user group in Active Directory (e.g. CN=Enterprise Admins, CN=Users, DC=company, DC=com ). Note: The match criterion field also accepts regular expressions for complex pattern matching requirements.

LDAP Attribute memberof userprincipalname SAMaccountName distinguishedname Match Criterion Value Active Directory user group CN=Enterprise Admins,CN=Users,DC=company,DC=com jdoe@company.com Jdoe CN=John Doe,CN=Users,DC=company,DC=com Match Criterion Sample Values Table In specifying the match criterion field, it is useful to lookup the LDAP attribute name and values associated with a user. This is done by clicking the Lookup button and entering a user's username (e.g. admin@company.com) and a password. A simple way to assign a role to an individual user is to copy one of the values of any of the attributes described in Table 5 and paste them into the match criterion field. There is likely to be an error in your configuration if the Lookup dialog does not return any LDAP attribute values. Once all role assignments are configured, execute a Test Login to ensure that your Kerberos settings, LDAP settings and user roles have been configured correctly. If problems are encountered, enable server debugging as described in Section 27.1.1 to determine the source of the problem. If you are unable to get AD authentication working in your environment, it is possible to authenticate with AD using password-based LDAP authentication instead. To do this, select LDAP authentication, enter the mail attribute to be proxyaddresses and SAMAccountName to be the bind attribute. You will also need to clear out the default login name suffix in the Logins section. See section 9.4.4 for more information. Multi-Domain Authentication Tip: if your organization has multiple domains, DataCove must be configured to connect to AD s Global Catalog Server running on port 3268. To do this, change your Active Directory server FQDN to the equivalent of company.com:3268. Set the base DN to be empty.

NTLM Authentication The DataCove console supports single-sign-on authentication with Windows using NTLM authentication. With NTLM authentication enabled, there is no need for a user to manually log in to DataCove. Users will be logged to the DataCove console automatically using their Windows credentials. Before enabling NTLM authentication, be sure that standard AD authentication (without NTLM authentication) is working correctly. There are few necessary measures to ensure the correct functioning of the NTLM Authentication feature: 1. NTLM authentication must be enabled in AD authentication settings 2. There must be a matching role assignment in DataCove for each Windows domain user where access to DataCove is intended 3. From the connecting user s client computer, the DataCove server must be Addressable by fully qualified domain name (FQDN) 4. The address containing the FQDN of the DataCove server must be added as a trusted site in Internet Explorer s Local Intranet security zone. To do this, click Tools- >Internet Options->Security->Local Intranet->Sites->Advanced. Type in the address of the DataCove server (e.g. http://datacove.smallbusiness.local). Does not use the IP address of the server it will not work! For test purposes, the DataCove server s FQDN can be added to hosts file of the client computer. On condition that all four of the above conditions are met, when entering the DataCove console URL, users will be logged in automatically. When NTLM authentication is enabled, to explicitly login as the master user or another user, it is necessary to specify the URL equivalent of http://datacove.smallbusiness.local/signonform.do The easiest way is to implement NTLM authentication on every workstation in the company is by adding the fully qualified domain name of the DataCove server to the following registry key in Microsoft s Group Policy Editor: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\iinternet\Settin gs\zonemap\domains

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information