CYBEROAM WINDOWS DOMAIN CONTROLLER INTEGRATION GUIDE VERSION:




7300-1.0-9/20/2005 1 CYBEROAM WINDOWS DOMAIN CONTROLLER INTEGRATION GUIDE VERSION: 7

IMPORTANT NOTICE

Elitecore has supplied this Information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Elitecore assumes no responsibility for any errors that may appear in this document. Elitecore reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

SOFTWARE LICENSE

The software described in this document is furnished under the terms of Elitecore's software license agreement. Please read these terms and conditions carefully before using the software. By using this software, you agree to be bound by the terms and conditions of this license. If you do not agree with the terms of this license, promptly return the unused software and manual (with proof of payment) to the place of purchase for a full refund.

LIMITED WARRANTY

Software: Elitecore warrants for a period of ninety (90) days from the date of shipment from Elitecore: (1) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (2) the Software substantially conforms to its published specifications. Except for the foregoing, the software is provided AS IS. This limited warranty extends only to the customer as the original licensee. Customer's exclusive remedy and the entire liability of Elitecore and its suppliers under this warranty will be, at Elitecore's or its service center's option, repair, replacement, or refund of the software if reported (or, upon request, returned) to the party supplying the software to the customer. In no event does Elitecore warrant that the Software is error free, or that the customer will be able to operate the software without problems or interruptions.

DISCLAIMER OF WARRANTY

Except as specified in this warranty, all expressed or implied conditions, representations, and warranties including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, noninfringement or arising from a course of dealing, usage, or trade practice, are hereby excluded to the extent allowed by applicable law. In no event will Elitecore or its supplier be liable for any lost revenue, profit, or data, or for special, indirect, consequential, incidental, or punitive damages however caused and regardless of the theory of liability arising out of the use of or inability to use the product even if Elitecore or its suppliers have been advised of the possibility of such damages. In no event shall Elitecore's or its suppliers' liability to the customer, whether in contract, tort (including negligence) or otherwise, exceed the price paid by the customer. The foregoing limitations shall apply even if the above stated warranty fails of its essential purpose. In no event shall Elitecore or its supplier be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss or damage to data arising out of the use or inability to use this manual, even if Elitecore or its suppliers have been advised of the possibility of such damages.

RESTRICTED RIGHTS

Copyright 2000 Elitecore Technologies Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of Elitecore Technologies Ltd. Information supplied by Elitecore Technologies Ltd. is believed to be accurate and reliable at the time of printing, but Elitecore Technologies assumes no responsibility for any errors that may appear in this document. Elitecore Technologies reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

CORPORATE HEADQUARTERS

Elitecore Technologies Ltd.
904 Silicon Tower, Off. C.G. Road, Ahmedabad 380015, INDIA
www.cyberoam.com

Elitecore Technologies Ltd.

Corporate Office
904 Silicon Tower, B/h Pariseema Building, Off. C.G. Road, Ahmedabad-380 006. INDIA
Telephone: +91-79-26405600
Fax: +91-79-26462200

Bangalore Office
3rd floor, 19/1 Infantry Road Cross, Behind Medinova Diagnostic Centre, Bangalore-560 001. INDIA
Telephone: +91-80-51517880/81

Delhi Office
606 Mahatta Tower, B Block Community Centre, Janakpuri, New Delhi-110058. INDIA
Telephone: +91-11-25529638/40, +91-11-51589761/62
Fax: +91-11-51589760

Mumbai Office
Office 4, B/65, Stanford Plaza, Off. New Link Road, Andheri (W), Mumbai-400 058. INDIA
Telephone: +91-22-56951280/380
Fax: +91-22-56923363

U.S.A Office
600 Meadowland Parkway, Suite 270, Secaucus, New Jersey 07094 U.S.A.
Telephone: 201-422-9200
Fax: 201-422-9715

Guide Sets

Guide: Describes

Installation & Registration Guide: Installation & registration process
User Guide Part I Getting Started: How to start using Cyberoam
User Guide Part II Management: Management and Customization of Cyberoam
Detailed statistics Reports: Detailed reports
Console Guide: Console Management
Windows Client Guide: Installation & configuration of Cyberoam Windows Client
Linux Client Guide: Installation & configuration of Cyberoam Linux Client
HTTP Client Guide: Installation & configuration of Cyberoam HTTP Client
Analytical Tool Guide: Using the Analytical tool for diagnosing and troubleshooting common problems
Cyberoam - LDAP Integration Guide: Configuration for integrating LDAP with Cyberoam for external authentication
Cyberoam ADS Integration Guide: Configuration for integrating ADS with Cyberoam for external authentication
Data transfer Management Guide: Configuration and Management of user based data transfer policy
Mail Management: Configuration and Management of Mail server
Multi Link Manager User Guide: Configuration of Multiple Gateways, load balancing and failover
VPN Management: Implementing and managing VPN
Printer Usage Management Guide: Configuration and Management of user based printing quota policy
Printer Installation and Configuration Guide: Installation and Configuration of Elitecore Print Manager

Technical Support

You may direct all questions, comments, or requests concerning the software you purchased, your registration status, or similar issues to the Customer care/service department at the following address:

Corporate Office
Elitecore Technologies Ltd.
904, Silicon Tower, Off C.G. Road, Ahmedabad 380015, Gujarat, India.
Phone: +91-79-26405600
Fax: +91-79-26462200
Web site: www.elitecore.com

Cyberoam contact:
Technical support (Corporate Office): +91-79-26400707
Email: support@cyberoam.com
Web site: www.cyberoam.com

Visit www.cyberoam.com for the regional and latest contact information.

Typographic Conventions

Material in this manual is presented in text, screen displays, or command-line notation.

Item: Convention: Example

Server: Machine where Cyberoam Software - Server component is installed
Client: Machine where Cyberoam Software - Client component is installed
User: The end user
Username: Username uniquely identifies the user of the system
Part titles: Bold and shaded font typefaces: Report
Topic titles: Shaded font typefaces: Introduction
Subtitles: Bold & Black typefaces: Notation conventions
Navigation link: Bold typeface: Group Management Groups Create. It means, to open the required page click on Group management, then on Groups, and finally click the Create tab
Name of a particular parameter / field / command button text: Lowercase italic type: Enter policy name, replace policy name with the specific name of a policy. Or: Click Name to select, where Name denotes the command button text which is to be clicked
Cross references: Hyperlink in different color: refer to Customizing User database. Clicking on the link will open the particular topic
Notes & points to remember: Bold typeface between the black borders: Note
Prerequisites: Bold typefaces between the black borders: Prerequisite, Prerequisite details

Introduction

Cyberoam provides policy-based filtering that lets you define individual filtering plans for the various users of your organization. You can assign individual policies to users (identified by IP address), or a single policy to a collection of users (Group).

Cyberoam detects users as they log on to Windows domains in your network via client machines. Cyberoam can be used with a Windows Domain controller or Active Directory.

To filter Internet requests based on the policies assigned, Cyberoam must be able to identify the user making a request. There are various ways Cyberoam can receive this information:

Cyberoam can identify the user transparently if your network uses an Active Directory service and you have integrated it with Cyberoam. Refer to ADS Integration and Configuration Guide for details.

Cyberoam can identify the user transparently if your network uses a Windows Domain controller and you have integrated it with Cyberoam. Refer to Windows Domain Controller Integration and Configuration Guide for details.

Cyberoam can prompt the user for identification if your network does not use a Windows environment. Refer to Cyberoam Authentication for details.

Authentication process

When Cyberoam is installed in a Windows environment with a PDC (Primary Domain Controller) server, it is not necessary to create users again in Cyberoam. Cyberoam provides a facility to automatically create users on first logon. Whenever an existing PDC user logs on for the first time after configuration, the user is automatically created in Cyberoam and assigned to the default group. This relieves the Administrator of creating the same users in Cyberoam or migrating all the existing users from the PDC.

A user has to be authenticated by Cyberoam before accessing any resources controlled by Cyberoam. Cyberoam sends the user authentication request to the PDC, and the Windows server authenticates the user as per the supplied tokens. Users can log on using their Windows authentication tokens (login/user name and password).

Note
If the PDC server is down, the authentication request will always return the message Wrong username/password.
It is necessary to have a shared NETLOGON directory on the PDC with the following permissions: Read, Read & Execute, List Folder Contents

Select User Authentication Settings to open the configuration page.

Screen - Domain controller Integration

Screen Elements: Description

Configure Authentication & Integration parameters
Integrate with: Select Windows Domain controller as authentication server
Default Group: Cyberoam automatically adds users into the default group on first logon. Allows to select the default group for users. Click the Default Group list to select
Update button: Updates and saves the authentication server configuration
Add button: Allows to add domain controller details. Refer to Add Domain Controller for details
Remove button: Allows to remove domain controller details. Click to select the server to be removed. Click Remove
Update button: Click Update. Updates and saves the domain controller details

Table - Domain controller Integration screen elements

Add Domain controller

Screen - Set Domain Controller

Screen Elements: Description

Authentication Server Information
Server IP address: Allows to add the IP address of the Domain controller. More than one server can also be added
Server Details: Allows to add server details
OK button: Adds the server details
Cancel button: Cancels the current operation and returns to the External Authentication page

Table - Set Domain Controller screen elements

Note
It is possible to authenticate Users of multiple PDC servers

Single Sign on Client Configuration

If a user is configured for Single sign on, the user is automatically logged on to Cyberoam whenever the user logs on to Windows. Single sign on also supports the multiple log on facility.

Single sign on provides password synchronization for Users of Windows and Cyberoam. This also enables Users to check their My Account using their Windows password.

Once the Users are migrated successfully, follow the procedure below to configure the Single Sign on login utility.

Step 1
Download the Cyberoam Single Sign on client as shown in the screen shot below and save SSCyberoam.exe to the NETLOGON scripts directory on the domain controller, or as per your configuration. The logon scripts contain the configuration parameters for the initial user environment. The default location of the NETLOGON directory is as given below:

Server OS: NETLOGON default location
Windows NT: %SYSTEMROOT%/system32/Repl/Import/Scripts
Windows 2000: %SYSTEMROOT%/SYSVOL/sysvol/%USERDNSDOMAIN%/Scripts

Table - Default NETLOGON directory location

Screen - Download Single sign on Client

Go to step 2 if logon scripts for the Users are already created.
Go to step 3 if logon scripts for the Users are not created.

Note
If logon scripts for all the Users already exist, please do not download Logon Script Updation Utility and execute the script defaultlogonscript.bat.

Step 2
If the logon scripts are already created, update them. Edit the logon script using any available editor, such as Notepad, add the following line to the script, and save the script:

    start \\PDCServerName\netlogon\SSCyberoam.exe <IP address of the Cyberoam Server>

E.g.,

    start \\mypdc\netlogon\sscyberoam.exe 192.168.1.100

Whenever the User logs on to Windows, the logon script is executed. The above statement in the logon script executes the Cyberoam logon program with the Windows Username and automatically logs the User in to Cyberoam.

Step 3
If the logon scripts are not created:

Create a new script, defaultlogonscript.bat, using any available editor, such as Notepad.

Add the line:

    start \\PDCServerName\netlogon\SSCyberoam.exe <IP address of the Cyberoam Server>

E.g.,

    start \\mypdc\netlogon\sscyberoam.exe 192.168.1.100

Copy the script defaultlogonscript.bat to the NETLOGON scripts directory. Refer to step 1 to find the location of the NETLOGON scripts directory.

Download Logon Script Updation Utility as shown in the screen shot below and save the script as updatelogonscript.bat in the root directory of the server.

Open the command prompt.

Screen - Download User Logon Script Updation utility

Execute updatelogonscript.bat at the command prompt as follows:

    updatelogonscript.bat defaultlogonscript.bat

This will update/add the logon script of the Users in the domain to defaultlogonscript.bat.

Screen - LOGON script change utility

Whenever the User logs on to Windows, the script defaultlogonscript.bat is executed, which in turn executes the Cyberoam logon program with the Windows Username and automatically logs the User in to Cyberoam.

If the User has logged in successfully using the Single Sign on utility, then (S) is shown next to the Username, e.g. Joe (S), in the Live User list.
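Because the line added in steps 2 and 3 makes every user run an executable from a network path at logon, it is worth checking each script after the update. The following is an added example, not part of the original guide or of Cyberoam's tooling: it checks that a logon script starts SSCyberoam.exe exactly once, from the expected PDC's NETLOGON share, with the expected Cyberoam server IP. The function name, the sample scripts and the host name filesrv01 are constructed for illustration; mypdc and 192.168.1.100 are the guide's own example values.

```python
import ipaddress
import re

# Line added by steps 2 and 3:
#   start \\PDCServerName\netlogon\SSCyberoam.exe <IP address of the Cyberoam Server>
SSO_LINE = re.compile(
    r"^start\s+\\\\(?P<host>[^\\\s]+)\\(?P<share>[^\\\s]+)\\sscyberoam\.exe"
    r"(?:\s+(?P<ip>\S+))?$",
    re.IGNORECASE,
)

# Constructed sample scripts (not taken from a real domain).
SAMPLES = {
    "good.bat": "@echo off\n" + r"start \\mypdc\netlogon\sscyberoam.exe 192.168.1.100",
    "wrong_host.bat": r"start \\filesrv01\netlogon\SSCyberoam.exe 192.168.1.100",
    "no_ip.bat": r"start \\mypdc\netlogon\SSCyberoam.exe",
    "not_updated.bat": "@echo off\n" + r"net use H: \\mypdc\home",
}


def check_logon_script(text, expected_pdc, expected_ip):
    """Return findings for one logon script; an empty list means it is as expected."""
    findings, hits = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        # Skip batch comments and lines that do not mention the client.
        if low.startswith(("rem ", "::")) or "sscyberoam" not in low:
            continue
        hits += 1
        m = SSO_LINE.match(line)
        if m is None:
            findings.append(f"line {lineno}: unrecognised SSCyberoam invocation")
            continue
        if m["host"].lower() != expected_pdc.lower():
            findings.append(f"line {lineno}: client started from host {m['host']}")
        if m["share"].lower() != "netlogon":
            findings.append(f"line {lineno}: client started from share {m['share']}")
        if m["ip"] is None:
            findings.append(f"line {lineno}: Cyberoam server IP is missing")
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append(f"line {lineno}: '{m['ip']}' is not an IP address")
            continue
        if ip != ipaddress.ip_address(expected_ip):
            findings.append(f"line {lineno}: points at {ip}, expected {expected_ip}")
    if hits == 0:
        findings.append("no SSCyberoam.exe line found")
    elif hits > 1:
        findings.append(f"SSCyberoam.exe is started {hits} times")
    return findings


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = check_logon_script(text, "mypdc", "192.168.1.100")
        print(name, "OK" if not result else result)
```

Run it over the files in the NETLOGON scripts directory from step 1; a script that loads the client from another host or share deserves a closer look before users next log on.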

Some Exception Conditions

1. If the User does not exist in Cyberoam, the message Wrong Username/Password will be displayed.
2. The logon script will not execute if the Domain Controller is down; the User will not be able to log on to Cyberoam and Internet access will not be available. Once the Domain Controller is up, Users will have to log on again.
3. If Cyberoam is down or not reachable, the Cyberoam Single Sign on client will continuously try to log on, and as soon as Cyberoam is up Internet access will be available.

Note
1. Clientless users need not log on to Cyberoam; they are logged on automatically at system startup.
2. Clientless users are automatically logged in again at 1.00 AM every day.
3. Single sign on Client users are automatically logged on to Cyberoam when they log on to Windows.