Cisco Web Security Appliance S370 User Guide

Cisco AsyncOS for Web User Guide
 
Chapter 6      Acquire End-User Credentials
  Authentication Realms
Step 7 (Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before real users use them to authenticate. For details on the testing performed, see .
Note: Once you submit and commit your changes, you cannot later change a realm’s authentication protocol.
Step 8 Submit and commit your changes.
Using Multiple NTLM Realms and Domains
The following rules apply in regard to using multiple NTLM realms and domains:
You can create up to 10 NTLM authentication realms.
The client IP addresses in one NTLM realm must not overlap with the client IP addresses in another NTLM realm.
Each NTLM realm can join one Active Directory domain only but can authenticate users from any domains trusted by that domain. This trust applies to other domains in the same forest by default and to domains outside the forest to which at least a one-way trust exists.
Create additional NTLM realms to authenticate users in domains that are not trusted by existing NTLM realms.
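The following Python check is an added example, not part of the Cisco guide: it validates a planned set of NTLM realms against the realm limit and the no-overlap rule for client IP addresses before anything is configured on the appliance. The realm names, the subnets, and the representation of a plan as a mapping from realm to client subnets are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

MAX_NTLM_REALMS = 10  # limit stated in the rules above

# Constructed sample plan: realm name -> client subnets served by that realm.
# All names and ranges are hypothetical.
PLAN = {
    "HQ-NTLM": ["10.10.0.0/16", "192.168.50.0/24"],
    "LAB-NTLM": ["10.20.0.0/16"],
    "BRANCH-NTLM": ["10.10.128.0/20"],  # falls inside the HQ-NTLM range
}


def check_realm_plan(plan):
    """Return a list of rule violations; an empty list means the plan passes."""
    problems = []
    if len(plan) > MAX_NTLM_REALMS:
        problems.append(f"{len(plan)} realms planned; limit is {MAX_NTLM_REALMS}")

    # strict=False accepts entries written with host bits set (10.1.2.3/24).
    nets = {realm: [ipaddress.ip_network(s, strict=False) for s in subnets]
            for realm, subnets in plan.items()}

    for (realm_a, nets_a), (realm_b, nets_b) in combinations(nets.items(), 2):
        for a in nets_a:
            for b in nets_b:
                # IPv4 and IPv6 ranges can never overlap; skip mixed pairs.
                if a.version != b.version or not a.overlaps(b):
                    continue
                # Two overlapping CIDR blocks always nest, so the shared
                # range is the one with the longer prefix.
                shared = a if a.prefixlen >= b.prefixlen else b
                problems.append(
                    f"{realm_a} and {realm_b} both cover {shared} ({a} vs {b})")
    return problems


if __name__ == "__main__":
    for line in check_realm_plan(PLAN) or ["plan passes"]:
        print(line)
```

With the sample plan, the check reports that HQ-NTLM and BRANCH-NTLM both cover 10.10.128.0/20, the case the overlap rule prohibits.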
About Deleting Authentication Realms
Deleting an authentication realm disables associated identities, which in turn removes those identities 
from associated policies.
Deleting an authentication realm removes it from sequences.
Attribute that Contains the Group Name
When the group membership attribute is a DN, this specifies the attribute that can be used as group name in policy group configurations.
Choose one of the following values:
cn. A unique identifier in the LDAP directory that specifies the name of a group.
custom. A custom identifier such as FinanceGroup.

Query String to Determine if Object is a Group
Choose an LDAP search filter that determines if an LDAP object represents a user group.
Choose one of the following values:
objectclass=groupofnames
objectclass=groupofuniquenames
objectclass=group
custom. A custom filter such as objectclass=person.
Note: The query defines the set of authentication groups which can be used in Web Security Manager policies.

User Object Setting
Description