Cisco Web Security Appliance S690 User Guide

AsyncOS 9.1.1 for Cisco Web Security Appliances User Guide
 
Chapter 5      Acquire End-User Credentials
  Authentication Realms
b. Click Join Domain.

Note: If you attempt to join a domain you have already joined (even if you use the same credentials), existing connections will be closed, as the Active Directory will send a new set of keys to all clients including this WSA. Affected clients will need to log off and log back in again.

c. Provide login credentials (user name and passphrase) for the account on the Active Directory, and click Create Account.
Step 7 (Optional) Configure transparent user identification.

Step 8 Configure Network Security:

Step 9 (Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before real users use them to authenticate. For details on the testing performed, see "Create additional NTLM realms to authenticate users in domains that are not trusted by existing NTLM realms.", page 5-21.

Step 10 Troubleshoot any issues found during testing. See

Step 11 Submit and commit your changes.

Setting: Active Directory Domain
Description: The Active Directory server domain name. Also known as a DNS Domain or realm.

Setting: NetBIOS domain name
Description: If the network uses NetBIOS, provide the domain name.
Tip: If this option is not available, use the CLI command to verify that the NTLM security mode is set to “domain.”

Setting: Computer Account
Description: Specify a location within the Active Directory domain where AsyncOS will create an Active Directory computer account, also known as a “machine trust account,” to uniquely identify the computer on the domain. If the Active Directory environment automatically deletes computer objects at particular intervals, specify a location for the computer account that is in a container, protected from automatic deletion.

Setting: Enable Transparent User Identification using Active Directory agent
Description: Enter both the server name for the machine where the primary Context Directory agent is installed and the shared secret used to access it. (Optional) Enter the server name for the machine where a backup Context Directory agent is installed and its shared secret.

Setting: Client Signing Required
Description: Select this option if the Active Directory server is configured to require client signing. With this option selected, AsyncOS uses Transport Layer Security when communicating with the Active Directory server.