Cisco Email Security Appliance C170 User Guide

26-41
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
 
Chapter 26      LDAP Queries
[Informational] Unsuccessful SMTP Authentication attempts — including the user authenticated and the mechanism used.
[Warning] Inability to connect to the authentication server — including the server name and the mechanism.
[Warning] A time-out event when the forwarding server (talking to an upstream, injecting appliance) times out while waiting for an authentication request.
Configuring External LDAP Authentication for Users
You can configure the appliance to use an LDAP directory on your network to authenticate users by allowing them to log in with their LDAP usernames and passwords. After you configure the authentication queries for the LDAP server, enable the appliance to use external authentication on the System Administration > Users page in the GUI (or use the userconfig command in the CLI).
Procedure
Step 1 Create a query to find user accounts. In an LDAP server profile, create a query to search for user accounts in the LDAP directory.
Step 2 Create group membership queries. Create a query to determine if a user is a member of a directory group.
Step 3 Set up external authentication to use the LDAP server. Enable the appliance to use the LDAP server for user authentication and assign user roles to the groups in the LDAP directory. For more information, see “Adding Users” in the “Distributing Administrative Tasks” chapter.
Note Use the Test Query button on the LDAP page (or the ldaptest command) to verify that your queries return the expected results. For more information, see .
Related Topics
User Accounts Query
To authenticate external users, AsyncOS uses a query to search for the user record in the LDAP directory and the attribute that contains the user’s full name. Depending on the server type you select, AsyncOS enters a default query and a default attribute. You can choose to have your appliance deny users with expired accounts if you have attributes defined in RFC 2307 in your LDAP user records (shadowLastChange, shadowMax, and shadowExpire). The base DN is required for the domain level where user records reside.
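The following added example (not code from the guide or from AsyncOS) shows the two pieces the user accounts query relies on: building the lookup filter with the username escaped per RFC 4515, and applying the RFC 2307 shadow attributes to decide whether an account should be denied as expired. The uid attribute, the sample directory entries and the day values are constructed assumptions, not appliance defaults.

```python
from datetime import date

# Constructed sample LDAP entries (not from the guide). Values are strings, as an
# LDAP client returns them for RFC 2307 shadowAccount records. Day counts are
# days since 1970-01-01, which is how the shadow* attributes are expressed.
SAMPLE_ENTRIES = {
    "alice": {"cn": "Alice Example", "shadowLastChange": "19700", "shadowMax": "90"},
    "bob":   {"cn": "Bob Example",   "shadowLastChange": "19000", "shadowMax": "90"},
    "carol": {"cn": "Carol Example", "shadowExpire": "19500"},
    "dave":  {"cn": "Dave Example"},  # no shadow attributes: never treated as expired
}


def ldap_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def user_filter(username: str, attr: str = "uid") -> str:
    """Build the user-accounts lookup filter; 'uid' is an assumed attribute name."""
    return "(%s=%s)" % (attr, ldap_escape(username))


def days_since_epoch(today: date) -> int:
    """Convert a calendar date to the day count used by the shadow* attributes."""
    return (today - date(1970, 1, 1)).days


def account_expired(entry: dict, today_days: int) -> bool:
    """Apply shadow(5)/RFC 2307 semantics: absolute shadowExpire, or password age > shadowMax."""
    if "shadowExpire" in entry and today_days >= int(entry["shadowExpire"]):
        return True  # account itself has reached its expiry date
    if "shadowLastChange" in entry and "shadowMax" in entry:
        last, max_days = int(entry["shadowLastChange"]), int(entry["shadowMax"])
        if last == 0 or today_days > last + max_days:
            return True  # forced change at next login, or password older than allowed
    return False


def lookup(username: str, today_days: int, directory=SAMPLE_ENTRIES):
    """Return (filter sent, full name, expired) for a user, or None if no record is found."""
    entry = directory.get(username)
    if entry is None:
        return None
    return user_filter(username), entry["cn"], account_expired(entry, today_days)
```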