Raritan Computer Home Security System 用户手册
Chapter 12: Remote Authentication
165
AD General Settings
In the General tab, you must add the information that allows CC-SG to
query the AD server.
query the AD server.
Do not add duplicate AD modules. If your users see a message that says
"You are not a member of any group" when attempting to login, you may
have configured duplicate AD modules. Check the modules you have
configured to see if they describe overlapping domain areas.
"You are not a member of any group" when attempting to login, you may
have configured duplicate AD modules. Check the modules you have
configured to see if they describe overlapping domain areas.
1. Type the AD domain you want to query in the Domain field. For
example, if the AD domain is installed in the xyz.com domain, type
xyz.com in the Domain field. CC-SG and the AD server you want to
query must be configured either on the same domain or on different
domains that trust each other.
xyz.com in the Domain field. CC-SG and the AD server you want to
query must be configured either on the same domain or on different
domains that trust each other.
Note: CC-SG will query all known domain controllers for the domain
specified.
specified.
2. Type the IP addresses of the Primary and Secondary DNS servers in
the Primary DNS Server IP Address and Secondary DNS Server IP
Address fields respectively, or select the Use default CC-SG DNS
checkbox to use the DNS configured in the Configuration Manager
section of CC-SG. See
Address fields respectively, or select the Use default CC-SG DNS
checkbox to use the DNS configured in the Configuration Manager
section of CC-SG. See
Advanced Administration
(on page 206).
3. Select the Anonymous Bind checkbox if you want to connect to the
AD server without specifying a username and password. If you use
this option, ensure that the AD server allows anonymous queries.
this option, ensure that the AD server allows anonymous queries.
Note: By default, Windows 2003 does NOT allow anonymous
queries. Windows 2000 servers do allow certain anonymous
operation whose query results are based on the permissions of each
object.
queries. Windows 2000 servers do allow certain anonymous
operation whose query results are based on the permissions of each
object.
4. If you are not using anonymous binding, type the username of the
user account you want to use to query the AD server in the "User
name" field. The format required depends on your AD version and
configuration. Use one of the following formats.
name" field. The format required depends on your AD version and
configuration. Use one of the following formats.
A user named User Name with a login name UserN in the
raritan.com domain could be entered as:
raritan.com domain could be entered as:
cn=UserName,cn=users,dc=Raritan,dc=com
UserName@raritan.com
Raritan/UserName
Note: The user specified must have permission to execute search
queries in the AD domain. For example, the user may belong to a
group within AD that has Group scope set to Global, and Group type
set to Security.
queries in the AD domain. For example, the user may belong to a
group within AD that has Group scope set to Global, and Group type
set to Security.