Cisco Web Security Appliance S160 User Guide
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
Creating an LDAP Authentication Realm
Before You Begin
• Obtain the following information about LDAP in your organization:
  – LDAP version
  – Server addresses
  – LDAP ports
• If the Web Security appliance is managed by a Security Management appliance, ensure that
  same-named authentication realms on different Web Security appliances have identical properties
  defined on each appliance.
Step 1  Choose Network > Authentication.
Step 2  Click Add Realm.
Step 3  Assign a unique name to the authentication realm using only alphanumeric and space characters.
Step 4  Select LDAP in the Authentication Protocol and Scheme(s) field.
Step 5  Enter the LDAP authentication settings:
Setting: Description

LDAP Version
    Choose the version of LDAP, and choose whether or not to use Secure LDAP.
    The appliance supports LDAP versions 2 and 3. Secure LDAP requires LDAP
    version 3.

    Choose whether or not this LDAP server supports Novell eDirectory to use with
    transparent user identification.

LDAP Server
    Enter the LDAP server IP address or hostname and its port number. You can
    specify up to three servers.

    The hostname must be a fully-qualified domain name. For example,
    ldap.example.com. An IP address is required only if the DNS servers
    configured on the appliance cannot resolve the LDAP server hostname.

    The default port number for Standard LDAP is 389. The default number for
    Secure LDAP is 636.

    If the LDAP server is an Active Directory server, enter the hostname or IP
    address and the port of the domain controller here. Whenever possible, enter the
    name of the Global Catalog Server and use port 3268. However, you might want
    to use a local domain controller when the global catalog server is physically far
    away and you know you only need to authenticate users on the local domain
    controller.

    Note: When you configure multiple authentication servers in the realm, the
    appliance attempts to authorize with up to three authentication servers before
    failing to authenticate the transaction within that realm.
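
The constraints in Steps 3 to 5 can be checked against a planned realm before anything is entered in the web interface. The following Python pre-flight check is an added example, not part of the Cisco guide or of AsyncOS; the function name check_realm and its parameters are hypothetical, and the sample values are constructed.

```python
import ipaddress
import re

STANDARD_PORT, SECURE_PORT = 389, 636          # defaults stated in the guide
REALM_NAME = re.compile(r"[A-Za-z0-9 ]+")      # alphanumeric and space only
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_fqdn(host):
    # At least two DNS labels, and the last one is not purely numeric.
    labels = host.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(label) for label in labels))


def check_realm(name, version, secure, servers):
    """Hypothetical helper: return a list of problems with a planned LDAP
    realm. `servers` is a list of (host, port) pairs; an empty result means
    the plan is consistent with the settings table above."""
    problems = []
    if not REALM_NAME.fullmatch(name):
        problems.append("realm name: use only alphanumeric and space characters")
    if version not in (2, 3):
        problems.append("LDAP version must be 2 or 3")
    elif secure and version != 3:
        problems.append("Secure LDAP requires LDAP version 3")
    # "At least one" is an assumption of this example; the guide states the upper limit.
    if not 1 <= len(servers) <= 3:
        problems.append("specify between one and three LDAP servers")
    for host, port in servers:
        if not (is_ip(host) or is_fqdn(host)):
            problems.append(f"{host}: not an IP address or fully-qualified domain name")
        if not 1 <= port <= 65535:
            problems.append(f"{host}: port {port} is out of range")
        elif secure and port == STANDARD_PORT:
            problems.append(f"{host}: port 389 is the Standard LDAP default, but Secure LDAP is selected")
        elif not secure and port == SECURE_PORT:
            problems.append(f"{host}: port 636 is the Secure LDAP default, but Standard LDAP is selected")
    return problems


if __name__ == "__main__":
    # Constructed plan: short hostname and a Standard LDAP port with Secure LDAP on.
    for line in check_realm("Corp LDAP", 3, True, [("ldap", 389)]):
        print(line)
```
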