Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7 for Web User Guide
 
Chapter 8      Identities
Identifying Users Transparently
Figure 8-4 Active Directory Agent Workflow
Note: The Active Directory agent instance used for communicating with the Web Security appliance can also
support other products, such as the adaptive security appliance and other Web Security appliances.
Obtaining, Installing, and Configuring Cisco Context Directory Agent 
You can find information about downloading, installing, and configuring the Cisco Context Directory 
Agent here: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda10.html.
Note: The Web Security appliance and Active Directory agents communicate with each other using the
RADIUS protocol. The appliance and the agent must be configured with the same shared secret to
obfuscate user passwords. Other user attributes are not obfuscated.
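
The note above says the shared secret obfuscates only user passwords. The following added example (not from the Cisco guide or product code) applies the standard RADIUS User-Password hiding of RFC 2865 section 5.2 to show what stays readable on the wire and why both ends need the same secret. The user name, password, address, secret and authenticator are constructed, and it is an assumption that the exchange carries these particular attributes.

```python
import hashlib
import ipaddress

USER_NAME, USER_PASSWORD, FRAMED_IP_ADDRESS = 1, 2, 8  # RFC 2865 attribute types

def _keystream(secret: bytes, prev: bytes) -> bytes:
    # One 16-byte keystream block: MD5(shared secret + previous block).
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a password as RFC 2865 section 5.2 describes (MD5 keystream, XOR)."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1-128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _keystream(secret, prev)))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse hide_password; a different secret yields garbage, not an error."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    # RADIUS attributes are type, length (including the 2 header bytes), value.
    return bytes([attr_type, len(value) + 2]) + value

def build_attributes(user, password, client_ip, secret, authenticator) -> bytes:
    # Only User-Password is transformed; the other values go out as-is.
    return (attribute(USER_NAME, user)
            + attribute(USER_PASSWORD, hide_password(password, secret, authenticator))
            + attribute(FRAMED_IP_ADDRESS, ipaddress.IPv4Address(client_ip).packed))

if __name__ == "__main__":
    ra = bytes(range(16))  # constructed; real Request Authenticators are random
    wire = build_attributes(b"jdoe", b"Constructed-Pw1", "192.0.2.10", b"shared-secret", ra)
    print(wire.hex(" "))
    print("user name visible:", b"jdoe" in wire, "| password visible:", b"Constructed-Pw1" in wire)
```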
Transparent User Identification with Novell eDirectory
AsyncOS for Web communicates with the Novell eDirectory Server to maintain an IP address to user 
name mapping. When a user logs into a client machine through the Novell Client, Novell Client 
authenticates the user against the Novell eDirectory Server. When authentication succeeds, the client 
machine IP address is recorded in the Novell eDirectory Server as an attribute (NetworkAddress field) 
of the user who logged into the workstation.
Consider the following rules and guidelines when you identify users transparently using Novell 
eDirectory:
  • Novell Client must be installed on each client machine, and end users must use it to authenticate
    against a Novell eDirectory server.
  • The Novell LDAP tree used by the Novell client login must be the same LDAP tree configured in
    the authentication realm.
  • If the Novell clients use multiple Novell LDAP trees, create an authentication realm for each tree,
    and then create an authentication sequence that uses each Novell LDAP authentication realm.
  • When you configure the LDAP authentication realm for Novell eDirectory, you must specify a Bind
    DN for the query credentials.
[Figure 8-4 labels: Client, Active Directory Server, Web Security Appliance, Active Directory Agent Installation]