Cisco Cisco Web Security Appliance S660 Mode D'Emploi
5-15
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
An IP address is required only if the DNS servers configured on the appliance cannot resolve the Active
Directory server hostname.
Directory server hostname.
When multiple authentication servers are configured in the realm, the appliance attempts to authorize
with up to three authentication servers before failing to authorize the transaction within this realm.
with up to three authentication servers before failing to authorize the transaction within this realm.
Step 6
Join the appliance to the domain:
a.
Configure the Active Directory Account:
b.
Click Join Domain.
c.
Enter the sAMAccountName user name and password for an existing Active Directory user that has
rights to create computer accounts in the domain.
rights to create computer accounts in the domain.
Example: “jazzdoe” Do not use: “DOMAIN\jazzdoe” or “jazzdoe@domain”
This information is used once to establish the computer account and is not saved.
d.
Click Create Account.
Step 7
(Optional) Configure transparent authentication.
Step 8
Configure Network Security:
Step 9
(Optional) Click Start Test. This will test the settings you have entered, ensuring they are correct before
real users use them to authenticate.
real users use them to authenticate.
Step 10
Submit and commit your changes.
Setting
Description
Active Directory Domain
The Active Directory server domain name.
Also known as a DNS Domain or realm.
Also known as a DNS Domain or realm.
NetBIOS domain name
If the network uses NetBIOS, provide the domain name.
Computer Account
Specify a location within the Active Directory domain where AsyncOS
will create an Active Directory computer account, also known as a
“machine trust account”, to uniquely identify the computer on the domain.
will create an Active Directory computer account, also known as a
“machine trust account”, to uniquely identify the computer on the domain.
If the Active Directory environment automatically deletes computer
objects at particular intervals, specify a location for the computer account
that is in a container, protected from automatic deletion.
objects at particular intervals, specify a location for the computer account
that is in a container, protected from automatic deletion.
Setting
Description
Enable Transparent
User Identification using
Active Directory agent
User Identification using
Active Directory agent
Enter both the server name for the machine where the primary Context
Directory agent is installed and the shared secret used to access it.
Directory agent is installed and the shared secret used to access it.
(Optional) Enter the server name for the machine where a backup Context
Directory agent is installed and its shared secret.
Directory agent is installed and its shared secret.
Setting
Description
Client Signing Required
Select this option if the Active Directory server is configured to require
client signing.
client signing.
With this option selected, AsyncOS uses Transport Layer Security when
communicating with the Active Directory server.
communicating with the Active Directory server.