Chapter Thirteen (b): Using Active Directory Integration
Summary of Chapter:
How to add a ‘User’ to your Net/Cache/SecurePilot that will match your Active Directory ‘Security Group’.
How to set-up your Net/Cache/SecurePilot to use Active Directory Integration on a Windows 2000/2003 Server.
What you need:
The admin user account name and a valid password for your ‘Pilot.
Active Directory turned on, and a PC running Windows XP or higher.
Software Revision Required:
Applicable to software revision 4.1.4 and later on Net/Cache/SecurePilots.
Please make sure that the date and time on the Active Directory Server and the NetPilot are within 5 minutes of each other, otherwise the setup below will not operate as desired!
Using Active Directory integration:
Select the ‘Start’ button on the main screen of your Active Directory Server. Then select ‘Programs’, ‘Administrative Tools’ and then ‘Active Directory Users and Computers’ as highlighted below:
You will be presented with a similar screen as below:
Select your Active Directory Domain, as highlighted in the left column.
Please take note of your Active Directory Domain as this is needed later to enter into the NetPilot.
You will see a similar screen as shown left, double click the ‘Users’ folder. (Highlighted in the right column).
Adding a Security Group:
The name of the ‘Security Group’ entered below will be needed later for the ‘User’ entered into the Net/Cache/SecurePilot.
Once you have opened the ‘Users’ folder you will see a similar screen as below.
Right click on the ‘Users’ folder in the left hand column as shown left. Then select ‘New’ and ‘Group’.
The ‘New Object – Group’ window will open, as shown below:
Enter a name for your ‘Security Group’, this will be needed later for the ‘User’ you enter into your Net/Cache/SecurePilot.
Select ‘OK’
You can add more ‘Security Groups’ by repeating this process, but these will also need to be added as ‘Users’ on the ‘Pilot (shown later) to allow the two to be matched.
Configuring a User:
If you have already entered users, please move on to the ‘Adding Users to the Security Group’ section.
Due to the limitations of Active Directory, do not use spaces when entering the user logon name and passwords below.
Right click on the ‘User’ folder again in the left hand column. Then select ‘New’ and then ‘User’, as shown below:
A ‘New Object – User’ window will open. In the new window:
Enter the relevant details of the user.
When entering the user’s logon name, keep all users in a similar format so that they are easier to remember, e.g. johnsmith@domain or jsmith@domain.
When you have entered all the details above, select ‘Next’. The next screen is shown below:
Enter a secure password (must contain a number, upper and lower case and must be more than 8 characters long).
Select a tick box option, then select ‘Next’.
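The account rules stated above (no spaces in logon names or passwords, a consistent name@domain logon format, and a password of more than 8 characters with a number, upper and lower case) can be checked before the accounts are typed into Active Directory. This is an added example, not part of the manual; it assumes logon names are in the user@domain form the guide recommends.

```python
import re

# Added example (not part of the manual): checks the account constraints the guide
# states for users created in Active Directory: no spaces in the logon name or the
# password, logon names in a consistent name@domain form, and a password of more
# than 8 characters containing a number, an upper-case and a lower-case letter.
LOGON_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$")  # assumed user@domain form

def check_logon_name(logon):
    """Return the problems found with one AD user logon name (empty if acceptable)."""
    problems = []
    if " " in logon:
        problems.append("logon name contains a space")
    elif not LOGON_RE.match(logon):
        problems.append("logon name is not in name@domain form")
    return problems

def check_password(password):
    """Return the problems found with a password against the guide's rules."""
    problems = []
    if " " in password:
        problems.append("password contains a space")
    if len(password) <= 8:
        problems.append("password must be more than 8 characters long")
    if not re.search(r"[0-9]", password):
        problems.append("password must contain a number")
    if not re.search(r"[A-Z]", password):
        problems.append("password must contain an upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("password must contain a lower-case letter")
    return problems

def check_accounts(accounts):
    """Check a list of (logon, password) pairs and also flag logon names whose
    domain part differs from the majority, since the guide asks for one format."""
    report = {}
    domains = {}
    for logon, password in accounts:
        report[logon] = check_logon_name(logon) + check_password(password)
        if "@" in logon:
            domains.setdefault(logon.rsplit("@", 1)[1].lower(), []).append(logon)
    if len(domains) > 1:
        majority = max(domains, key=lambda d: len(domains[d]))
        for d, names in domains.items():
            if d != majority:
                for n in names:
                    report[n].append("domain part %r differs from the others (%r)" % (d, majority))
    return report
```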
Adding Users to the ‘Security Group’:
You should now see the users and the ‘Security Groups’ you have created in the list in the right-hand column.
Right click one of the ‘Security Groups’ and select ‘Properties’, as shown on the left.
You will see this window open:
Select the ‘Members’ tab (highlighted left)
You will see this screen below; select the ‘Add’ button, as highlighted:
In the new window select ‘Advanced…’ (highlighted below).
In the next window that opens (shown below), select the ‘Find Now’ button, which is highlighted.
Once you have selected this button ‘search results’ will appear at the bottom.
Find a user, as highlighted in the list and double click it.
If you want to add more than one user, select the different ‘Users’ from the list, so that they are highlighted, and then select the ‘OK’ button.
The users selected will show in the window below. To select more from here, select the ‘Advanced...’ button again.
Once you have finished, select ‘OK’ and ‘OK’ again.
Repeat the above process to add the correct users to the different ‘Security Groups’ you have created, e.g. student users into the ‘Security Group Students’ and teachers into the ‘Security Group Teachers’.
Adding a User:
Log on to your Net/Cache/SecurePilot as shown in Chapter One (b).
Select the ‘User Account’ button on the left hand side, then the ‘Users’ button at the top of the screen and then the ‘Add’ button (all buttons are highlighted below).
You will be presented with this screen shown below:
The ‘User name’ entered left must be the same as the name of the ‘Security Group’ in the Active Directory. This allows the ‘User’ to be mapped to the ‘Security Group’ within the Active Directory, e.g. ‘SecurityGroupStudents’ or ‘SecurityGroupTeachers’.
This password isn’t used for Active Directory. However, it is used on the fileshare of the unit; therefore it will need to be secure.
Select the appropriate ‘Group’, from the list.
The ‘Group’ contains the ‘Site Lists’ you assigned to it or created within Chapter 13(a). The ‘Site Lists’ hold the options to allow or block certain URLs. For more information on this please see Chapter 13(a).
Setting up Active Directory on the ‘Pilot:
Select the ‘Web’ button on the left-hand side of the screen, then the ‘Advanced’ button at the top of the screen, and then the ‘Active Directory’ link. (Both buttons and link are highlighted below).
You will be presented with the Active Directory screen as shown below:
‘Server Address’: Enter the IP address of your Active Directory Server.
‘Domain’: Enter your Active Directory Domain (which you noted down earlier).
‘User’ and ‘Password’: Enter a user name and password for an account that has Administrator rights on the Active Directory Server.
If you want to change the User name and Password, you must change this in the Active Directory first.
The screen below has the default Administrator highlighted. You can change the details here, or create another user with admin rights.
Select ‘OK’ in the Active Directory screen. You will be presented with the screen below:
Select from the three options on the left, which device is going to do the authentication.
Once you have chosen an option select the ‘OK’ button.
You will be presented with the screen below:
You may need to select ‘authorised users’ for the web proxy service on your firewall, so select ‘Next’, as highlighted left.
You will now be presented with two drop-down lists, as shown below:
Select ‘accept: url-filter, authorised users’ from the drop-down list of the Trust Group that you wish to use.
When the Users try to access the Internet they will not be asked for a Username and Password. They will be authenticated from the log-on details they entered at the beginning of their PC session. Select ‘OK’ and ‘OK’ again to confirm the settings you have made.
Five tips:
To check whether the connection to the Active Directory was successful, select ‘Logs’ on the left menu, and then the ‘System’ button from the top of the screen. (Both buttons are highlighted below.)
If it was successful you will see something similar to this in the logs:
Apr 21 11:24:32 winbind: winbindd shutdown succeeded
Apr 21 11:24:32 kinit: Password for administrator@ school.domain:
Apr 21 11:24:32 winbind: Obtaining Kerberos ticket for school.domain: succeeded
Apr 21 11:24:32 named[7886]: XX+/127.0.0.1/np-54-89-95-web.example.com/A/IN
Apr 21 11:24:32 net: [2006/04/21 11:24:32, 0] libads/ldap.c:ads_add_machine_acct(1405)
If it wasn’t successful you will see something similar to this in the logs:
Apr 26 09:38:02 winbind: Obtaining Kerberos ticket for school.domain: failed
Apr 26 09:38:17 net: [2006/04/26 09:38:17, 0] utils/net_ads.c:ads_startup(186)
Apr 26 09:38:17 net: ads_connect: Interrupted system call
Apr 26 09:38:17 winbind: Joining school.domain domain: failed
If the connection is unsuccessful, please check that the domain name and the details entered are correct.
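The success and failure log lines above can be checked automatically rather than by eye, for example when the System log is exported. This is an added example, not code from the manual or the ‘Pilot; the sample lines are constructed to match the winbind, kinit and net messages shown above.

```python
import re

# Constructed sample log lines, modelled on the winbind/kinit/net messages the guide
# shows for a successful and a failed join (not a real capture).
SAMPLE_OK = """\
Apr 21 11:24:32 winbind: winbindd shutdown succeeded
Apr 21 11:24:32 kinit: Password for administrator@school.domain:
Apr 21 11:24:32 winbind: Obtaining Kerberos ticket for school.domain: succeeded
"""
SAMPLE_FAIL = """\
Apr 26 09:38:02 winbind: Obtaining Kerberos ticket for school.domain: failed
Apr 26 09:38:17 net: [2006/04/26 09:38:17, 0] utils/net_ads.c:ads_startup(186)
Apr 26 09:38:17 net: ads_connect: Interrupted system call
Apr 26 09:38:17 winbind: Joining school.domain domain: failed
"""

# syslog-style prefix: "Mon DD HH:MM:SS program: message"
LINE_RE = re.compile(r"^\w{3} +\d{1,2} \d\d:\d\d:\d\d (?P<prog>[\w\[\]]+): (?P<msg>.*)$")
TICKET_RE = re.compile(r"Obtaining Kerberos ticket for (?P<domain>\S+): (?P<result>succeeded|failed)")
JOIN_RE = re.compile(r"Joining (?P<domain>\S+) domain: (?P<result>succeeded|failed)")

def analyse_join_log(text):
    """Scan System log lines and return the outcome of the most recent join attempt."""
    report = {"domain": None, "ticket": None, "join": None, "errors": []}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog line in the expected shape
        prog, msg = m.group("prog"), m.group("msg")
        t = TICKET_RE.search(msg)
        j = JOIN_RE.search(msg)
        if t:
            report["domain"], report["ticket"] = t.group("domain"), t.group("result")
        elif j:
            report["domain"], report["join"] = j.group("domain"), j.group("result")
        elif prog == "net" and msg.startswith("ads_connect:"):
            report["errors"].append(msg)  # e.g. "ads_connect: Interrupted system call"
    return report

def join_succeeded(text):
    r = analyse_join_log(text)
    return r["ticket"] == "succeeded" and r["join"] != "failed"

def diagnose(text):
    """One-line hint following the guide's own troubleshooting advice."""
    r = analyse_join_log(text)
    if r["ticket"] is None and r["join"] is None:
        return "no join attempt found in the log"
    if join_succeeded(text):
        return "joined %s successfully" % r["domain"]
    return ("join to %s failed: check the domain name and administrator details, "
            "and that the 'Pilot and server clocks are within 5 minutes" % r["domain"])
```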
To view your Net/Cache/SecurePilot in your Network Neighbourhood:
Select the ‘Maintenance’ button from the left-hand menu, then the ‘Services’ button from the top of the screen and the ‘WorkGroup’ link. (Both buttons and link are highlighted below)
Enter the short-name of your Active Directory Domain in the text box provided.
When the Net/Cache/SecurePilot is being used as a Proxy, the user will not be prompted for a Username and Password when accessing the Internet as this is automatically done in the background.
If you have problems with the Active Directory/LDAP queries, please make sure that the clocks on the Net/Cache/SecurePilot and the server are synchronised.
If you need any help with this, the following link will tell you how to set up NTP on a Windows 2003 server: http://support.microsoft.com/kb/816042
If any changes are made to the Security Group or Users in Active Directory, please clear the cache on the Net/Cache/SecurePilot so these changes can be activated.