Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 21: Authentication
Testing Authentication Settings
Step 2: If Secure LDAP is selected, the appliance ensures the LDAP server supports secure LDAP.
Step 3: It performs an LDAP query using the supplied Base DN, User Name Attribute, and User Filter Query.
Step 4: If the realm includes Bind Parameters, the appliance validates them by forming an LDAP query with the Bind Parameters.
Step 5: If Group Authorization is provided, the appliance ensures that the specified group attributes are valid by fetching the groups from the server.
NTLM Testing
The appliance performs the following steps when you test NTLM authentication settings:
Step 1: It ensures that the specified Active Directory server is reachable and responds to queries.
Step 2: It ensures that a DNS lookup on the Active Directory domain is successful since the Active Directory domain must be a DNS domain name and not a WINS domain name.
Step 3: It ensures the system time of the appliance and the system time of the Active Directory server are within three minutes of each other.
Step 4: It validates the user credentials by generating a Kerberos ticket.
Step 5: It validates whether the user has the proper privileges to add the Web Security appliance to the Active Directory domain.
Step 6: It validates whether you can fetch the groups within the domain.
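The following added example (not code from the Cisco guide or the appliance) shows a preflight an administrator could run before the NTLM test to catch the two most common causes of failure in Steps 2 and 3: a single-label (WINS-style) domain name and clock skew above three minutes. It assumes the domain controller answers SNTP on UDP port 123 and that the name check is syntactic only; the function names and the sample reply are constructed for illustration, and the guide does not describe how the appliance itself measures time.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 180         # "within three minutes of each other" (Step 3)

def is_dns_domain_name(name):
    """Step 2: accept 'corp.example.com', reject single-label WINS/NetBIOS names."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(
        0 < len(l) <= 63 and l.isascii() and l.replace("-", "").isalnum()
        and l[0] != "-" and l[-1] != "-" for l in labels)

def query_sntp(host, timeout=3.0):
    """Send one SNTP client request (version 4, mode 3) and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(b"\x23" + bytes(47), (host, 123))
        return s.recvfrom(512)[0]

def sntp_transmit_time(packet):
    """Return the server's transmit timestamp as Unix seconds."""
    if len(packet) < 48:
        raise ValueError("reply shorter than 48 bytes")
    if packet[0] & 0x07 != 4 or packet[1] == 0:  # not mode 4 (server), or stratum 0
        raise ValueError("not a usable server reply")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def preflight(domain, local_unix, sntp_reply):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not is_dns_domain_name(domain):
        findings.append("domain is not a DNS domain name")
    try:
        # Network delay is ignored; it is negligible against a 180 s limit.
        skew = local_unix - sntp_transmit_time(sntp_reply)
        if abs(skew) > MAX_SKEW_SECONDS:
            findings.append(f"clock skew {skew:+.0f}s exceeds {MAX_SKEW_SECONDS}s")
    except ValueError as err:
        findings.append(f"time check failed: {err}")
    return findings

def constructed_reply(unix_time):
    """Constructed sample: minimal SNTP server reply (version 4, mode 4, stratum 3)."""
    return (struct.pack("!BBBb", 0x24, 3, 0, -20) + bytes(36)
            + struct.pack("!II", int(unix_time) + NTP_EPOCH_OFFSET, 0))

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamps, no network access
    print(preflight("corp.example.com", now + 120, constructed_reply(now)))
    print(preflight("CORP", now + 200, constructed_reply(now)))
```

Against a live server, pass `query_sntp(host)` and `time.time()` to `preflight` instead of the constructed values.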
Testing Authentication Settings in the Web Interface
You verify the authentication settings in the Test Current Settings section when you create or edit an authentication realm.
shows where you verify the authentication settings in the web interface.
Figure 21-4: Network > Authentication Page — Test Current Settings Section
After you enter all settings, click Start Test. The appliance uses the connection information entered to attempt to connect to the authentication server. It displays the status of the test below Start Test. Start Test changes to Stop Test while the appliance tests the settings against the authentication servers. If the testing takes too much time and you already know it is going to fail, you can click Stop Test to stop the testing process and edit the settings.
 shows the testing results for an LDAP authentication realm.