Cisco Web Security Appliance S690 User Guide

IronPort AsyncOS 6.3 for Web User Guide
Testing Authentication Settings
When you create or edit an authentication realm, you enter a lot of configuration settings to 
connect to the authentication server. You can test the settings you enter before submitting the 
changes to verify you entered the connection information correctly.
You can test authentication settings from either the CLI or the web interface:
• Web interface. Use Start Test when you create or edit an authentication realm. For more
• CLI command. Use the testauthconfig command. For more information, see “Testing
Testing Process
When you test authentication settings, the Web Security appliance first verifies that the 
settings you entered for the realm are in valid formats. For example, if a field requires a string 
and it currently contains a numeric value, the appliance informs you of that error.
If all fields contain valid values, the appliance performs different steps, depending on the 
authentication protocol. If the realm contains multiple authentication servers, the appliance 
goes through the testing process for each server in turn. 
The appliance continues testing all servers in the realm and determines as many failures as 
possible for each server. It reports the testing outcome of each server in the realm.
LDAP Testing
The appliance performs the following steps when you test LDAP authentication settings:
1. It ensures that the LDAP server is listening on the specified LDAP port.
2. If Secure LDAP is selected, the appliance ensures the LDAP server supports secure LDAP.
3. It performs an LDAP query using the supplied Base DN, User Name Attribute, and User 
Filter Query.
4. If the realm includes Bind Parameters, the appliance validates them by forming an LDAP 
query with the Bind Parameters.
5. If Group Authorization is provided, the appliance ensures that the specified group 
attributes are valid by fetching the groups from the server.
NTLM Testing
The appliance performs the following steps when you test NTLM authentication settings:
1. It ensures that the specified Active Directory server is reachable and responds to queries.
2. It ensures that a DNS lookup on the Active Directory domain is successful since it must be 
a DNS domain name and not a WINS domain name.
3. It ensures the system time of the appliance and the system time of the Active Directory 
server are within three minutes of each other.
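
The following Python code is an added example, not code from the guide or from the appliance. It runs the three NTLM checks listed above against every server and collects all failures per server instead of stopping at the first, as the Testing Process section describes. The TCP probe on port 445, the `server_times` input (clock readings you observed on each server) and all function names are assumptions.

```python
import socket
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=3)  # limit stated in NTLM step 3 of the guide


def tcp_reachable(host, port=445, timeout=3.0):
    """Default probe (assumption): a TCP connect stands in for 'reachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def dns_resolves(name):
    """Default resolver: True when the name has at least one address record."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False


def preflight_ntlm(servers, ad_domain, server_times, now=None,
                   probe=tcp_reachable, resolve=dns_resolves):
    """Run every check for every server; return {server: [failure, ...]}."""
    now = now or datetime.now(timezone.utc)
    domain_failures = []
    # A single-label name (no dot) is a WINS/NetBIOS-style name, not a DNS domain.
    if "." not in ad_domain.strip("."):
        domain_failures.append(f"{ad_domain!r} looks like a WINS name, not a DNS domain")
    elif not resolve(ad_domain):
        domain_failures.append(f"DNS lookup failed for {ad_domain!r}")
    report = {}
    for server in servers:
        failures = list(domain_failures)  # the domain result applies to each server
        if not probe(server):
            failures.append("server unreachable")
        if server not in server_times:
            failures.append("server time unknown")
        else:
            skew = abs(now - server_times[server])
            if skew > MAX_SKEW:
                failures.append(f"clock skew {int(skew.total_seconds())}s exceeds 180s")
        report[server] = failures
    return report
```

Pass timezone-aware UTC timestamps in `server_times`; an empty failure list for a server means all three checks passed for it.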