Cisco Web Security Appliance S170 User Guide

9-14
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 9 Identities
Identifying Users Transparently
Obtaining, Installing, and Configuring the Active Directory Agent 
1. Before installing and configuring the Active Directory Agent, carefully read the documentation for the Active Directory Agent:
   – Installation and any other release notes for the Active Directory Agent: http://www.cisco.com/en/US/products/ps6120/prod_release_notes_list.html
   – Installation and Setup Guide for the Active Directory Agent: http://www.cisco.com/en/US/products/ps6120/prod_installation_guides_list.html
2. Verify that your environment meets all requirements for installation and use, including the supported Active Directory versions and all preinstallation requirements in the Active Directory Agent documentation.
3. Download the Cisco Active Directory Agent: go to http://www.cisco.com and search for “AD_Agent”.
4. Install the Active Directory Agent on a machine on the network that is accessible to the Web Security appliance and can communicate with all Windows domain controllers in the forest. For best performance, this machine should be as close as possible to the Web Security appliance on the network. Be sure to follow the installation instructions in the Active Directory Agent documentation.
5. From the Active Directory Agent command line prompt, add your Active Directory server to the Active Directory Agent as a Domain Controller using the adacfg dc create command.
6. From the Active Directory Agent command line prompt, add the Web Security appliance to the Active Directory Agent as a client using the adacfg client create command.
7. Optionally, verify that the server and client were successfully added using the adacfg dc list and adacfg client list commands.
8. Record the shared secret configured during the Active Directory Agent installation. You must enter the shared secret on the Web Security appliance when you configure the NTLM authentication realm.
Note: The Web Security appliance and the Active Directory Agent communicate with each other using the RADIUS protocol. The appliance and the agent must be configured with the same shared secret to obfuscate user passwords. Other user attributes are not obfuscated.
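The shared-secret requirement in the note above is easiest to see by running the password-hiding algorithm itself. The following Python script is an added example, not code from the Cisco guide or from the Active Directory Agent; it assumes the agent and the appliance use the standard User-Password hiding of RFC 2865 section 5.2 (the guide only says "RADIUS"), and every secret, user name and password in it is a constructed sample value.

```python
import hashlib
import secrets

USER_NAME = 1      # RADIUS attribute type: User-Name, sent in the clear
USER_PASSWORD = 2  # RADIUS attribute type: User-Password, hidden with the shared secret


def _blocks(data: bytes, size: int = 16) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password with NULs to a multiple of 16 bytes,
    then XOR each block with MD5(secret + previous ciphertext block). The first
    block is chained to the 16-byte Request Authenticator of the Access-Request."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be exactly 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 bytes")
    padded = password + b"\x00" * ((-len(password)) % 16)
    out, prev = b"", request_auth
    for block in _blocks(padded):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(block, key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password. A wrong secret yields unrelated bytes rather than
    an error, which is why both peers must be configured with the same secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    out, prev = b"", request_auth
    for block in _blocks(hidden):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    # The padding is NUL bytes, so stripping them recovers the original password.
    return out.rstrip(b"\x00")


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding used for every RADIUS attribute."""
    if len(value) > 253:
        raise ValueError("value too long for a single RADIUS attribute")
    return bytes([attr_type, len(value) + 2]) + value


def parse_attributes(data: bytes) -> dict:
    """Walk a TLV attribute list back into {type: value}, rejecting malformed lengths."""
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def build_access_request_attributes(username: str, password: str,
                                    secret: bytes, request_auth: bytes) -> bytes:
    """Attribute list of an Access-Request: only User-Password is hidden;
    User-Name (like every other attribute) travels as plain text."""
    return (encode_attribute(USER_NAME, username.encode())
            + encode_attribute(USER_PASSWORD,
                               hide_password(password.encode(), secret, request_auth)))


def demo() -> dict:
    """Constructed walk-through: same secret recovers the password, a typo does not."""
    request_auth = secrets.token_bytes(16)              # random per request, sent in the clear
    agent_secret = b"shared-secret-from-agent-install"  # constructed sample, not a real value
    attrs = build_access_request_attributes("jdoe", "s3cret-pw", agent_secret, request_auth)
    parsed = parse_attributes(attrs)
    return {
        "username_in_clear": parsed[USER_NAME],
        "password_in_clear": b"s3cret-pw" in attrs,
        "same_secret": reveal_password(parsed[USER_PASSWORD], agent_secret, request_auth),
        "wrong_secret": reveal_password(parsed[USER_PASSWORD], b"typo-secret", request_auth),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running demo() shows that User-Name appears in the encoded attributes as plain text while the password does not, that the secret recorded in step 8 recovers the password, and that a mismatched secret silently produces unrelated bytes instead of an error. This hiding is MD5-based and the shared secret is the only thing protecting the password on the wire, so the RADIUS path between the appliance and the agent still belongs on a trusted network segment.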
Transparent User Identification with Novell eDirectory
AsyncOS for Web communicates with the Novell eDirectory Server to maintain an IP-address-to-user-name mapping. When a user logs into a client machine through the Novell Client, the Novell Client authenticates the user against the Novell eDirectory Server. When authentication succeeds, the client machine's IP address is recorded in the Novell eDirectory Server as an attribute (the NetworkAddress field) of the user who logged into the workstation.

Consider the following rules and guidelines when you identify users transparently using Novell eDirectory:
  • Novell Client must be installed on each client machine, and end users must use it to authenticate against a Novell eDirectory server.
  • The Novell LDAP tree used by the Novell Client login must be the same LDAP tree configured in the authentication realm.
  • If the Novell clients use multiple Novell LDAP trees, create an authentication realm for each tree, and then create an authentication sequence that uses each Novell LDAP authentication realm.