Cisco Cisco Web Security Appliance S360 User Guide
20-55
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
Chapter 20 Authentication
NTLM Authentication
Also, when you view all realms on the Network > Authentication page, the
appliance displays warning text in red saying that the domain was not joined for
any realm that did not create a computer account.
appliance displays warning text in red saying that the domain was not joined for
any realm that did not create a computer account.
AsyncOS only creates an Active Directory computer account when you edit the
authentication realm Active Directory information or when the appliance reboots.
authentication realm Active Directory information or when the appliance reboots.
Note
To successfully join the Active Directory domain, the time difference between the
Web Security appliance and the Active Directory server should be less than the
time specified in the “Maximum tolerance for computer clock synchronization”
option on the Active Directory server. When you use Network Time Protocol
(NTP) to specify the current time on the Web Security appliance, remember that
the default time server is time.ironport.com. This may affect the time difference
between the appliance and the Active Directory server.
Web Security appliance and the Active Directory server should be less than the
time specified in the “Maximum tolerance for computer clock synchronization”
option on the Active Directory server. When you use Network Time Protocol
(NTP) to specify the current time on the Web Security appliance, remember that
the default time server is time.ironport.com. This may affect the time difference
between the appliance and the Active Directory server.
Some Active Directory environments automatically delete computer objects at
particular intervals for accounts that appear in active in order to clean up old
computer objects. However, AsyncOS does not automatically change the
password for the computer account it creates in an Active Directory server, so the
computer account may appear inactive over time. Therefore, if the Active
Directory environment automatically deletes computer objects at particular
intervals, make sure the Web Security appliance computer account is created in a
container that is exempt from this cleanup process.
particular intervals for accounts that appear in active in order to clean up old
computer objects. However, AsyncOS does not automatically change the
password for the computer account it creates in an Active Directory server, so the
computer account may appear inactive over time. Therefore, if the Active
Directory environment automatically deletes computer objects at particular
intervals, make sure the Web Security appliance computer account is created in a
container that is exempt from this cleanup process.
Red text indicates that the domain was not joined and no computer account was created.