beautypg.com

Avocent Network Device SPC420 User Manual

Page 103

background image

Chapter 6: Authentication Services 83

A Partial Windows 2000 username is specified as username.

A Full Pre-Windows 2000 username is specified as domain\username.

A Partial Pre-Windows 2000 username is specified as username.

This option may only be configured for new authentication servers; it cannot be modified.
Existing authentication servers are set to the Partial Windows 2000 Username type for
compatibility.

e.

Specify a Secure Socket Layer (SSL) encryption mode:

Click Do Not Use SSL to have authentication performed using unencrypted clear text
instead of SSL encryption. This method is the least secure.

Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All
server certificates will be trusted and automatically accepted by the DSView 3
software for transmitting data. This SSL method provides medium security.

This encryption mode is not recommended for wide area networks (WANs).

Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data
transmission. The DSView 3 management software will approve the server and then
the certificate before transmitting data. This SSL method provides maximum security.

f.

Click Use Kerberos for User Authentication to use the Kerberos protocol for
authentication requests, including the browsing. If enabled, you must use DES encryption
types for this account. If an account was created prior to Active Directory, the user’s
password must be changed after this setting is changed. In addition, the Active Directory
server addresses must be resolvable to their host names via DNS.

When this is not checked, the LDAP protocol will be used.

g.

Click Enable Chasing of Referrals to allow the Active Directory server to refer DSView 3
software clients to additional directory servers.

h.

Click Use an Active Directory Global Catalog to have the AD service access the global
catalog for the specified domain name.

i.

Click Allow users and groups from newly discovered trusted forests to allow logins by
users that belong to the authentication service forest or its discovered trusted forests. If
enabled, the DSView 3 will discover all trusted forests in the Active Directory service.

j.

Click Next.

If you selected Use SSL in Certificate-based Trust Mode, go to step 6.

If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 8.

6.

The DSView 3 server will try to find a server that has a trusted certificate chain (see System
certificate policy and trust store
on page 47
). If no trusted certificate chain is found, then the
Accept Certificate window will open and list all servers that belong to the domain. It will also
list the reasons for rejection of the certificate chain.

7.

Click Next to accept the certificate.

8.

The Select Browsing Method window will open.