Cisco Web Security Appliance S170 User Guide

5-15
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
 
Chapter 5      Acquire End-User Credentials
  Authentication Realms
Creating an Active Directory Authentication Realm (NTLMSSP and Basic) 
Step 1  Choose Network > Authentication.
Step 2  Click Add Realm.
Step 3  Assign a unique name to the authentication realm using only alphanumeric and space characters.
Step 4  Select Active Directory in the Authentication Protocol and Scheme(s) field.
Step 5  Enter up to three fully qualified domain names or IP addresses for the Active Directory server(s).
        Example: active.example.com
        An IP address is required only if the DNS servers configured on the appliance cannot resolve the Active Directory server hostname.
        When multiple authentication servers are configured in the realm, the appliance attempts to authorize with up to three authentication servers before failing to authorize the transaction within this realm.
Step 6  Join the appliance to the domain:
        a. Configure the Active Directory Account:

           Setting                   Description
           Active Directory Domain   The Active Directory server domain name. Also known as a DNS Domain or realm.
           NetBIOS domain name       If the network uses NetBIOS, provide the domain name.
           Computer Account          Specify a location within the Active Directory domain where AsyncOS will create an Active Directory computer account, also known as a “machine trust account”, to uniquely identify the computer on the domain. If the Active Directory environment automatically deletes computer objects at particular intervals, specify a location for the computer account that is in a container, protected from automatic deletion.

        b. Click Join Domain.
           Note  If you attempt to join a domain you have already joined (even if you use the same credentials), existing connections will be closed, as the Active Directory will send a new set of keys to all clients including this WSA. Affected clients will need to log off and log back in again.
        c. Enter the sAMAccountName user name and passphrase for an existing Active Directory user that has rights to create computer accounts in the domain.
           Example: “jazzdoe”
           Do not use: “DOMAIN\jazzdoe” or “jazzdoe@domain”
           This information is used once to establish the computer account and is not saved.
        d. Click Create Account.
Step 7  (Optional) Configure transparent authentication.
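The following is an added example, not code from Cisco or from AsyncOS: a pre-flight check that runs offline and validates a proposed realm definition against the constraints the steps above state (realm name restricted to alphanumeric and space characters, at most three servers given as fully qualified domain names or IP addresses, and the join account entered as a bare sAMAccountName rather than DOMAIN\user or user@domain). The `realm_config` dictionary layout, the `check_*` function names and the injectable `resolve` callable standing in for the appliance's DNS servers are all assumptions made for this example; the appliance exposes no such API, so the check is meant to be run by an administrator before the values are typed into the Add Realm form.

```python
"""Pre-flight validation of an Active Directory authentication realm definition.

Added example, not Cisco code. The constraints encoded here are the ones the
guide states for the Network > Authentication > Add Realm form. The config
dictionary layout and the `resolve` callable are assumptions for this example.
"""
import ipaddress
import re

MAX_AD_SERVERS = 3  # the form accepts up to three Active Directory servers

# Realm names: only alphanumeric and space characters.
_REALM_NAME_RE = re.compile(r"^[A-Za-z0-9 ]+$")
# RFC 1123-style hostname: dot-separated labels of 1-63 chars, not starting/ending with '-'.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)([A-Za-z0-9-]{1,63}(?<!-)\.)+[A-Za-z0-9-]{1,63}(?<!-)$"
)


def _is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_realm_name(name):
    findings = []
    if not name or not name.strip():
        findings.append("realm name: must not be empty")
    elif not _REALM_NAME_RE.match(name):
        findings.append("realm name: only alphanumeric and space characters are allowed")
    return findings


def check_ad_servers(servers, resolve):
    """servers: FQDNs or IP addresses; resolve(fqdn) -> bool, whether the appliance's DNS can resolve it."""
    findings = []
    if not servers:
        findings.append("servers: at least one Active Directory server is required")
    if len(servers) > MAX_AD_SERVERS:
        findings.append(f"servers: at most {MAX_AD_SERVERS} servers are accepted, got {len(servers)}")
    for s in servers:
        if _is_ip(s):
            continue  # an IP address needs no DNS resolution
        if not _FQDN_RE.match(s):
            findings.append(f"servers: {s!r} is neither an IP address nor a fully qualified domain name")
        elif not resolve(s):
            # Per the guide, an IP address is required only when the configured DNS cannot resolve the name.
            findings.append(f"servers: appliance DNS cannot resolve {s!r}; enter its IP address instead")
    return findings


def check_join_account(username):
    """The join account is entered as a bare sAMAccountName (e.g. jazzdoe)."""
    findings = []
    if not username:
        findings.append("join account: user name is required")
    elif "\\" in username:
        findings.append("join account: use the bare sAMAccountName, not DOMAIN\\user")
    elif "@" in username:
        findings.append("join account: use the bare sAMAccountName, not user@domain")
    return findings


def check_realm(realm_config, resolve):
    """Run every check and return the list of findings (empty means the definition is acceptable)."""
    findings = []
    findings += check_realm_name(realm_config.get("name", ""))
    findings += check_ad_servers(realm_config.get("servers", []), resolve)
    findings += check_join_account(realm_config.get("join_user", ""))
    return findings


# Constructed sample data: a fake resolver standing in for the appliance's DNS servers,
# one acceptable realm and one that violates several of the documented constraints.
KNOWN_HOSTS = {"active.example.com"}


def fake_resolve(fqdn):
    return fqdn in KNOWN_HOSTS


GOOD_REALM = {
    "name": "Corp AD",
    "servers": ["active.example.com", "10.0.0.5"],
    "join_user": "jazzdoe",
}
BAD_REALM = {
    "name": "corp-ad",  # hyphen is not allowed
    "servers": ["dc1.corp.example", "dc2.corp.example", "dc3.corp.example", "10.0.0.5"],  # four, three unresolvable
    "join_user": "DOMAIN\\jazzdoe",  # must be a bare sAMAccountName
}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_REALM), ("bad", BAD_REALM)):
        print(label, check_realm(cfg, fake_resolve) or "OK")
```

Running the block prints `OK` for `GOOD_REALM` and six findings for `BAD_REALM`; swapping `fake_resolve` for a real lookup (for example `socket.gethostbyname` wrapped in a try/except) turns the resolution check into the same test the appliance's DNS would face.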