Cisco Web Security Appliance S190 User Guide
Cisco AsyncOS 8.0.6 for Web User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
Step 7
(Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before
real users use them to authenticate. For details on the testing performed, see
.
Note
Once you submit and commit your changes, you cannot later change a realm’s authentication protocol.
Step 8
Submit and commit your changes.
Using Multiple NTLM Realms and Domains
The following rules apply in regard to using multiple NTLM realms and domains:
• You can create up to 10 NTLM authentication realms.
• The client IP addresses in one NTLM realm must not overlap with the client IP addresses in another NTLM realm.
• Each NTLM realm can join one Active Directory domain only but can authenticate users from any domains trusted by that domain. This trust applies to other domains in the same forest by default and to domains outside the forest to which at least a one-way trust exists.
• Create additional NTLM realms to authenticate users in domains that are not trusted by existing NTLM realms.
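The first two rules can be checked against a realm plan before anything is configured on the appliance. The following is an added example, not part of the Cisco guide or of AsyncOS; the plan format (realm name mapped to client CIDR ranges) and the realm names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

MAX_NTLM_REALMS = 10  # limit stated in the rules above


def validate_realm_plan(realms):
    """Check a planned set of NTLM realms against the realm-count and
    no-overlap rules.

    realms: dict of realm name -> list of client CIDR strings
            (hypothetical planning format, not an appliance export).
    Returns a list of problem descriptions; an empty list means the plan
    satisfies both rules.
    """
    problems = []
    if len(realms) > MAX_NTLM_REALMS:
        problems.append(
            f"{len(realms)} realms planned; limit is {MAX_NTLM_REALMS}"
        )

    # Parse once; strict=False accepts host addresses such as 10.1.2.3/16.
    parsed = {
        name: [ipaddress.ip_network(c, strict=False) for c in cidrs]
        for name, cidrs in realms.items()
    }

    # Compare every pair of realms, and every pair of ranges between them.
    for (a, nets_a), (b, nets_b) in combinations(parsed.items(), 2):
        for na in nets_a:
            for nb in nets_b:
                # IPv4 and IPv6 ranges can never overlap each other.
                if na.version == nb.version and na.overlaps(nb):
                    problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems


# Constructed sample plan: the second BRANCH_NTLM range sits inside HQ_NTLM.
SAMPLE_PLAN = {
    "HQ_NTLM": ["10.1.0.0/16"],
    "BRANCH_NTLM": ["10.2.0.0/16", "10.1.40.0/24"],
    "LAB_NTLM": ["192.168.50.0/24"],
}

if __name__ == "__main__":
    for problem in validate_realm_plan(SAMPLE_PLAN):
        print(problem)
```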
About Deleting Authentication Realms
Deleting an authentication realm disables associated identities, which in turn removes those identities
from associated policies.
Deleting an authentication realm removes it from sequences.
Attribute that Contains the Group Name
When the group membership attribute is a DN, this specifies the attribute that can be used as group name in policy group configurations.
Choose one of the following values:
• cn. A unique identifier in the LDAP directory that specifies the name of a group.
• custom. A custom identifier such as FinanceGroup.
Query String to Determine if Object is a Group
Choose an LDAP search filter that determines if an LDAP object represents a user group.
Choose one of the following values:
• objectclass=groupofnames
• objectclass=groupofuniquenames
• objectclass=group
• custom. A custom filter such as objectclass=person.
Note: The query defines the set of authentication groups which can be used in Web Security Manager policies.
User Object Setting
Description