Cisco Web Security Appliance S160 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
Authentication Realms
Adding an NTLM Authentication Realm
Before You Begin
• Compare the current time reading on the Web Security appliance with the current time reading on the Active Directory server. Verify that the difference is no greater than the time specified in the “Maximum tolerance for computer clock synchronization” option on the Active Directory server. When you use Network Time Protocol (NTP) to specify the current time on the Web Security appliance, the default time server is time.ironport.com.
• If the network uses NetBIOS, use the setntlmsecuritymode CLI command to verify that the NTLM security mode is set to “domain”. Otherwise, you will not have the opportunity to provide the NetBIOS domain name.
• If you plan to configure transparent user identification using Active Directory agent, verify that Active Directory agent is installed on at least one computer that can access the Active Directory server.
Step 1 Navigate to Network > Authentication.
Step 2 Click Add Realm.
Step 3 Name the authentication realm.
All sequence and realm names must be unique and only contain alphanumeric characters or the space character. Also, if the Web Security appliance is managed by a Security Management appliance, ensure that same-named authentication realms on different Web Security appliances have identical properties defined on each appliance.
Step 4 Select NTLM in the Authentication Protocol and Scheme(s) field.
Step 5 Enter up to three fully-qualified domain names or IP addresses for the Active Directory server(s).
Example: ntlm.example.com.
An IP address is required only if the DNS servers configured on the appliance cannot resolve the Active Directory server hostname.
When multiple authentication servers are configured in the realm, the appliance attempts to authorize with up to three authentication servers before failing to authorize the transaction within this realm.
Step 6 Join the appliance to the domain:
a. Configure the Active Directory Account:
Setting                  Description
Active Directory Domain  The Active Directory server domain name. Also known as a DNS Domain or realm.