Kerio Tech Firewall6 User Manual

Chapter 15
User Accounts and Groups
Active Directory
Use the Enable Active Directory authentication option to enable or disable authentication of
users in the local database against the selected Active Directory domain.
The following conditions must be met for user authentication through Active Directory to
work reliably:
1. The WinRoute host must be a member of this domain.
2. The Active Directory domain controller (server) must be set as the primary DNS server.
Note: Users can also be authenticated in any domain that is trusted by this domain.
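The two conditions above can be checked on the WinRoute host before the option is enabled. The following is an added example, not part of the manual or of WinRoute; the function name Test-AdAuthPrerequisites is hypothetical, and the script assumes PowerShell 3.0 or later on a Windows version that provides Resolve-DnsName (Windows 8 / Server 2012 or later).

```powershell
# Added example: pre-flight check for the two Active Directory prerequisites.
# Reads local configuration and DNS only; it changes nothing.
function Test-AdAuthPrerequisites {
    $findings = @()
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Condition 1: the host must be a member of the domain.
    if (-not $cs.PartOfDomain) {
        return @("FAIL: host is not joined to a domain (workgroup '$($cs.Domain)').")
    }
    $domain = $cs.Domain
    $findings += "OK: host is a member of '$domain'."

    # Domain controllers register this SRV record in the domain's DNS zone.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget }
    if (-not $srv) {
        return $findings + "FAIL: no domain controller SRV records found for '$domain'."
    }
    $dcAddresses = foreach ($target in ($srv.NameTarget | Sort-Object -Unique)) {
        try { [System.Net.Dns]::GetHostAddresses($target) | ForEach-Object { $_.IPAddressToString } }
        catch { }   # an SRV target that no longer resolves is skipped
    }

    # Condition 2: the primary (first listed) DNS server must be a domain controller.
    # A host that is itself a domain controller and points at 127.0.0.1 will be
    # reported as FAIL here and needs a manual look.
    $adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
        Where-Object { $_.DNSServerSearchOrder }
    foreach ($a in $adapters) {
        $primary = $a.DNSServerSearchOrder[0]
        if ($dcAddresses -contains $primary) {
            $findings += "OK: '$($a.Description)' uses domain controller $primary as primary DNS."
        } else {
            $findings += "FAIL: '$($a.Description)' primary DNS $primary is not a domain controller of '$domain'."
        }
    }
    return $findings
}

Test-AdAuthPrerequisites
```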
NT domain
Use the Enable NT domain authentication option to enable NTLM authentication for the domain
selected.
Warning
1. The host where WinRoute is installed must belong to this domain.
2. Authentication through a corresponding NT domain must be allowed to enable NTLM
authentication through web browsers (refer to chapter ). For the Active Directory domain
(Windows 2000/2003/2008) it is necessary to set authentication both through Active
Directory and NT domain.
Automatic import of user accounts from Active Directory
If Active Directory is used, user accounts can be imported automatically. Specific WinRoute
parameters (such as access rights, content rules, data transfer quotas, etc.) can be set by
using the template for the local user database (see chapter ) and/or defined individually
for specific accounts. The corresponding user account is imported when the user first logs
in to WinRoute.
Note: This type of user account import exists mainly to maintain compatibility with older
versions of WinRoute. It is much easier, and recommended, to use transparent support
for Active Directory (domain mapping — refer to chapter
User accounts will be imported from the domain specified in the Active Directory domain name
entry. Click Configure automatic import to set parameters for this function.
To import accounts, WinRoute must know the domain server of the corresponding
Active Directory domain. WinRoute can either detect it automatically or it can always
connect to a specified server. The automatic connection to the first server available increases
reliability of the connection and eliminates problems in cases when a domain controller fails.