advertisement
User Accounts
2. Click the Browse button to find and load a sdconf.rec
file.
3. Click Upload .
4. Select Configuration > Network > Interfaces to enable SecurID on a network interface.
5. Ensure that the WatchGuard XCS domain name is listed in your DNS server.
SecurID authentication may not work properly if a DNS record does not exist.
6. Click Apply .
Remote Accounts and Directory Authentication
Directory authentication allows users to be authenticated without having a local account. When an unknown user logs in, the system sends the User ID and password to the specified LDAP or RADIUS server. If the user is authenticated, the WatchGuard XCS will log them in and provide access to the specified server or servers.
LDAP and RADIUS are widely used, and provide a convenient way of allowing access to internal mail servers or webmail servers such as Outlook Web Access. Users who login locally to an Exchange server based on an
Active Directory identity can use the same identity to use Outlook Web Access with the Secure WebMail service.
If both LDAP and RADIUS services are defined, the system will try to authenticate via RADIUS first, and then
LDAP if the RADIUS authentication fails.
Configuring LDAP authentication
To use LDAP for authentication:
1. Select Administration > Accounts > Remote Authentication .
2. Click the New button in the LDAP Sources section to define a new LDAP source.
User Guide
3. In the Directory Server field, select a configured LDAP directory server for authentication.
4. In the Search Base field, enter the starting base point to start the search from, such as cn=users,dc=example,dc=com.
5. In the Scope field, enter the scope of the search.
Base — Searches the base object only.
One Level — Searches objects one level beneath the base object, but excludes the base object.
Subtree — Searches the entire subtree of which the base distinguished name is the topmost object, including that base object.
257
advertisement
Related manuals
advertisement