About directory services

The Smoothwall’s directory service is designed to let the Smoothwall connect to multiple directory services to retrieve groups configured in directories, and apply network and web filtering permissions to users based on group membership within directories, and to verify the identity of a user who is trying to access network or Internet resources.

Once the connection to a directory service has been configured, the Smoothwall retrieves a list of the groups configured in the directory and maps them to the available groups. When the groups have been mapped, permissions and network access permissions in the filtering and outgoing sections can be granted based on group membership.

Reorder directory servers

If most of your users are in one directory, list that directory first to reduce the number of queries. If using a RADIUS server, make sure that it's listed before the directory server providing group information. You can also drag directories to where you want them. Make sure that you click Save moves when you've finished.

Diagnose directory server problems

You can diagnose directory-level and network problems. Directory-level diagnostics can include, for example, incorrect username or password for domain connect requests or insufficient privileges for domain join requests. Network diagnostics can include, for example, checking Domain Name Services (DNS) Service records (SRV), the records that the Smoothwall uses to locate the domain controllers. However, this is for Active Directory connections only. It can check the TCP connection. All configured host connections are contacted on known ports. Any connection that takes longer than two seconds is marked Unresponsive. It also performs a Kerberos test that verifies that the internal keytabs required for Kerberos authentication are setup and configured correctly for web filter access with Kerberos authentication policies. This is for Active Directory connections only and is run even when Kerberos authentication is not used.