Cisco Web Security Appliance S160 User Guide
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
Step 3  Assign a unique name to the authentication realm using only alphanumeric and space characters.
Step 4  Select Active Directory in the Authentication Protocol and Scheme(s) field.
Step 5  Enter up to three fully-qualified domain names or IP addresses for the Active Directory server(s).
Example: active.example.com.
An IP address is required only if the DNS servers configured on the appliance cannot resolve the Active Directory server hostname.
When multiple authentication servers are configured in the realm, the appliance attempts to authorize with up to three authentication servers before failing to authorize the transaction within this realm.
Step 6  Join the appliance to the domain:
a. Configure the Active Directory Account:
Setting: Description
Active Directory Domain: The Active Directory server domain name. Also known as a DNS Domain or realm.
NetBIOS domain name: If the network uses NetBIOS, provide the domain name. Tip: If this option is not available, use the setntlmsecuritymode CLI command to verify that the NTLM security mode is set to “domain”.
Computer Account: Specify a location within the Active Directory domain where AsyncOS will create an Active Directory computer account, also known as a “machine trust account”, to uniquely identify the computer on the domain. If the Active Directory environment automatically deletes computer objects at particular intervals, specify a location for the computer account that is in a container, protected from automatic deletion.
b. Click Join Domain.
c. Enter the sAMAccountName user name and password for an existing Active Directory user that has rights to create computer accounts in the domain.
Example: “jazzdoe” Do not use: “DOMAIN\jazzdoe” or “jazzdoe@domain”
This information is used once to establish the computer account and is not saved.
d. Click Create Account.
Step 7  (Optional) Configure transparent authentication.
Setting: Description
Enable Transparent User Identification using Active Directory agent: Enter both the server name for the machine where the primary Active Directory agent is installed and the shared secret used to access it. (Optional) Enter the server name for the machine where a backup Active Directory agent is installed and its shared secret.
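A pre-flight check for the values entered in Steps 3, 5 and 6c, given here as an added example that is not part of the Cisco guide or of AsyncOS. The function names are hypothetical, and reading "alphanumeric" as ASCII letters and digits and requiring at least one server are assumptions.

```python
import ipaddress
import re

# Rules come from Steps 3, 5 and 6c of the procedure above. All names here are
# hypothetical; "alphanumeric" is assumed to mean ASCII letters and digits.
REALM_NAME = re.compile(r"[A-Za-z0-9 ]+")
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MAX_SERVERS = 3


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_fqdn(value):
    labels = value.rstrip(".").split(".")
    # Require host + domain, and a non-numeric top-level label so a malformed
    # IP such as "10.0.0.256" is not accepted as a host name.
    return (len(value) <= 253 and len(labels) >= 2
            and all(LABEL.fullmatch(label) for label in labels)
            and not labels[-1].isdigit())


def check_realm_inputs(realm_name, servers, join_user):
    """Return a list of problems; an empty list means the inputs fit the guide."""
    problems = []
    if not REALM_NAME.fullmatch(realm_name):
        problems.append("realm name: use only alphanumeric and space characters")
    if not 1 <= len(servers) <= MAX_SERVERS:
        problems.append("servers: enter one to three Active Directory servers")
    for server in servers:
        if not (is_ip(server) or is_fqdn(server)):
            problems.append(
                f"server {server!r}: not a fully-qualified domain name or IP address")
    # Step 6c wants the bare sAMAccountName, not DOMAIN\user or user@domain.
    if not join_user or "\\" in join_user or "@" in join_user:
        problems.append("join user: enter the sAMAccountName only")
    return problems
```

The check is purely syntactic: it does not confirm that the appliance's DNS servers can resolve a host name, which is the condition under which the guide says an IP address is required.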