Cisco Web Security Appliance S680 User Guide
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
Step 8
Configure Network Security:
Step 9
(Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before
real users use them to authenticate. For details on the testing performed, see
.
Step 10
Submit and commit your changes.
Tip
• Customize the access log to use the %m custom field parameter.
Next Step
• Create an Identity that uses the Kerberos authentication scheme.
Creating an Active Directory Authentication Realm
Before You Begin
• Ensure you have the rights and domain information needed to join the Web Security appliance to the
Active Directory domain you wish to authenticate against.
• If you plan to use “domain” as the NTLM security mode, use only nested Active Directory groups.
If Active Directory groups are not nested, use the default value, “ads”. See
the Command Line Interface appendix of this guide.
• Compare the current time on the Web Security appliance with the current time on the Active
Directory server and verify that the difference is no greater than the time specified in the “Maximum
tolerance for computer clock synchronization” option on the Active Directory server. If the Web
Security appliance is managed by a Security Management appliance, be prepared to ensure that
same-named authentication realms on different Web Security appliances have identical properties
defined on each appliance. Be aware that once you commit the new realm, you cannot change a
realm’s authentication protocol.
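One way to carry out the clock comparison above from a management host, as an added example that is not part of the Cisco guide: it derives each server's clock offset from an SNTP reply and checks the difference against the tolerance. It assumes the appliance is synchronized to an NTP source you can query and that the Active Directory server answers SNTP; the function names, the constructed sample reply and the 300-second tolerance are illustrative.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)

def _ts(buf, off):
    """Decode the 64-bit NTP timestamp at byte offset `off` into Unix seconds."""
    sec, frac = struct.unpack_from("!II", buf, off)
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def server_offset(reply, t0, t3):
    """Server clock minus local clock, in seconds (t0 = request sent, t3 = reply received)."""
    if len(reply) < 48 or reply[0] & 0x07 != 4 or reply[1] == 0:
        raise ValueError("not a usable SNTP server reply (length, mode or stratum)")
    t1 = _ts(reply, 32)  # server receive timestamp
    t2 = _ts(reply, 40)  # server transmit timestamp
    return ((t1 - t0) + (t2 - t3)) / 2

def query(host, timeout=3.0):
    """Query `host` over SNTP (UDP/123) and return its offset from the local clock."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.time()
        s.sendto(b"\x23" + 47 * b"\0", (host, 123))  # LI=0, VN=4, mode=3 (client)
        reply, _ = s.recvfrom(512)
        return server_offset(reply, t0, time.time())

def skew_ok(offset_appliance_source, offset_ad_server, tolerance_s):
    """True when the two clocks differ by no more than the Active Directory tolerance."""
    return abs(offset_appliance_source - offset_ad_server) <= tolerance_s

def make_reply(t1, t2):
    """Constructed sample reply (VN=4, mode=4, stratum 2) so the check runs offline."""
    pkt = bytearray(48)
    pkt[0], pkt[1] = (4 << 3) | 4, 2
    for off, t in ((32, t1), (40, t2)):
        struct.pack_into("!II", pkt, off, int(t) + NTP_EPOCH_DELTA, int((t % 1) * 2**32))
    return bytes(pkt)

if __name__ == "__main__":
    # Constructed exchange: the Active Directory server runs 120 s ahead of this host.
    now = 1_700_000_000.0
    ad = server_offset(make_reply(now + 120.1, now + 120.1), now, now + 0.2)
    src = 0.0  # assumed offset of the appliance's NTP source; use query(<host>) on a live network
    # 300 s is an assumed tolerance; use the value configured on your domain.
    print(f"AD offset {ad:+.3f}s, within tolerance: {skew_ok(src, ad, 300)}")
```

On a live network, replace the constructed values with `query()` calls against the appliance's NTP source and the Active Directory server.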
Step 1
Choose Network > Authentication.
Step 2
Click Add Realm.
Setting: Enable Transparent User Identification using Active Directory agent
Description: Enter both the server name for the machine where the primary Active
Directory agent is installed and the shared secret used to access it.
(Optional) Enter the server name for the machine where a backup Active
Directory agent is installed and its shared secret.
Setting: Client Signing Required
Description: Select this option if the Active Directory server is configured to require
client signing.
With this option selected, AsyncOS uses Transport Layer Security when
communicating with the Active Directory server.