Reviewing Active Directory (legacy method) settings
Note: New installations should NOT use this method. This is the legacy method for configuring an Active Directory. The information contained here is for informational purposes only for older customers.
Setting | Description |
---|---|
Enabled | Indicates if the directory connection is active. |
Tenants | The tenant that this directory service belongs. Appropriate network and filtering permissions are applied to those users from that tenant. Tenant administrators, that is, users who administer tenant operations via the Smoothwall User Portal, use their directory service username to log on to the Smoothwall User Portal. The username is part of the directory service specified here. |
Type | This is the Active Directory legacy method. |
Active Directory server |
The directory server’s full host name. Note: For Microsoft Active Directory, the Smoothwall System needs DNS servers that can resolve the Active Directory server host names. Often, these are the same servers that hold the Active Directory. The Active Directory DNS servers will need a reverse lookup zone with pointer (PTR) records for the Active Directory servers for a successful lookup to be able to take place. Refer to the Microsoft DNS server help if you need assistance in setting up a reverse lookup zone, see our help topic, Adding new DNS forwarders or hosts. |
Username | The username of a valid account. The username without the domain. The domain is added by the Smoothwall automatically. In a multidomain environment, the username is a user in the top-level domain. |
Password | The password of a valid account. |
Confirm | The password confirmed. |
Kerberos realm | The Kerberos realm used. |
User search root |
Automatic means that the Smoothwall starts to look for user account at the top level of the directory. Otherwise, it starts looking at the entered user search root, for example: ou=myusers,dc=mydomain,dc=local search root. Note: When working with multidomain environments, the user search root must be set to the top-level domain. |
Group search root | Automatic means that the Smoothwall starts to look for user account at the top level of the directory. Otherwise, it starts looking at the entered user search root, for example: ou=mygroups,dc=mydomain,dc=local. |
Advanced options » | Expands the view to show the advanced options. |
Cache timeout (minutes) | The default of 10 minutes or a specified length of time that the Smoothwall Filter and Firewall keeps a record of directory-authenticated users in its cache. The Smoothwall Filter and Firewall doesn't need to query the directory server for users if their records are still in the cache. A short cache time-out increases the load on the directory server. A long cache time-out means that old passwords and groups are valid for longer, that is, until the cache time-out has been passed. |
LDAP port | The default or the LDAP port to use. |
Discover Kerberos realms through DNS | Uses DNS to discover Kerberos realms. Using DNS to discover realms configures the Smoothwall to try to find all the domains in the directory server by querying the DNS server that holds the directory information. |
Use sAMAccountName | Controls whether to consult the sAMAccountName attribute or the userPrincipleName attribute when trying to resolve a username. If enabled, enter the sAMAccountName to override the userPrincipleName in the Username box. |
Extra user search roots | With this option you can enter directory-specific user search paths when working with a large directory structure, which contains multiple OUs and many users. Enter search roots one per line. |
Extra group search roots | Where in the directory the Smoothwall should start looking for more user groups. Enter search roots one per line. |
Extra realms | With this setting you can configure subdomains manually, as opposed to automatically, using DNS. |