Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 21 Authentication
Testing Authentication Settings
Step 2
If Secure LDAP is selected, the appliance ensures the LDAP server supports secure LDAP.
Step 3
It performs an LDAP query using the supplied Base DN, User Name Attribute, and User Filter Query.
Step 4
If the realm includes Bind Parameters, the appliance validates them by forming an LDAP query with the
Bind Parameters.
Step 5
If Group Authorization is provided, the appliance ensures that the specified group attributes are valid by
fetching the groups from the server.
NTLM Testing
The appliance performs the following steps when you test NTLM authentication settings:
Step 1
It ensures that the specified Active Directory server is reachable and responds to queries.
Step 2
It ensures that a DNS lookup on the Active Directory domain is successful since the Active Directory
domain must be a DNS domain name and not a WINS domain name.
Step 3
It ensures the system time of the appliance and the system time of the Active Directory server are within
three minutes of each other.
Step 4
It validates the user credentials by generating a Kerberos ticket.
Step 5
It validates whether the user has the proper privileges to add the Web Security appliance to the Active
Directory domain.
Step 6
It validates whether you can fetch the groups within the domain.
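The following pre-flight check is an added example, not code from Cisco or the appliance. It covers the two NTLM conditions above that most often fail before any credentials are tried: the domain must be a DNS domain name (Step 2) and the clocks must be within three minutes (Step 3). The function names, the DNS-versus-WINS heuristic, and reading the Active Directory server's time from an SNTP reply are assumptions; the sample reply is constructed.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 3 * 60      # tolerance stated in Step 3 of NTLM testing


def ntp_transmit_time(reply: bytes) -> float:
    """Return the server transmit timestamp of an SNTP reply as Unix time."""
    if len(reply) < 48:
        raise ValueError("SNTP reply must be at least 48 bytes")
    seconds, fraction = struct.unpack("!II", reply[40:48])
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32


def looks_like_dns_domain(name: str) -> bool:
    """Heuristic (assumption): a DNS domain name has two or more dot-separated
    labels of letters, digits and hyphens; a WINS/NetBIOS name is one label."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 2:
        return False
    return all(
        0 < len(label) <= 63
        and label.isascii()
        and label.replace("-", "").isalnum()
        and not label.startswith("-")
        and not label.endswith("-")
        for label in labels
    )


def preflight(domain: str, ntp_reply: bytes, local_unix_time: float) -> list:
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not looks_like_dns_domain(domain):
        problems.append("domain is not a DNS domain name")
    skew = abs(ntp_transmit_time(ntp_reply) - local_unix_time)
    if skew > MAX_SKEW_SECONDS:
        problems.append(f"clock skew {skew:.0f}s exceeds {MAX_SKEW_SECONDS}s")
    return problems


def sample_reply(unix_time: int) -> bytes:
    """Constructed SNTP server reply (LI=0, VN=4, mode=4) carrying unix_time."""
    header = bytes([0x24]) + bytes(39)
    return header + struct.pack("!II", unix_time + NTP_EPOCH_OFFSET, 0)
```
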
Testing Authentication Settings in the Web Interface
You verify the authentication settings in the Test Current Settings section when you create or edit an
authentication realm.
Figure 21-4 shows where you verify the authentication settings in the web interface.
Figure 21-4: Network > Authentication Page — Test Current Settings Section
After you enter all settings, click Start Test. The appliance uses the connection information entered to
attempt to connect to the authentication server. It displays the status of the test below Start Test.
Start Test changes to Stop Test while the appliance tests the settings against the authentication servers.
If the testing takes too much time and you already know it is going to fail, you can click Stop Test to
stop the testing process and edit the settings.
shows the testing results for an LDAP authentication realm.