Managing Authentication Servers
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 263
To add an Active Directory domain:
1. In the Active Directory section, click New.
2. Enter this information:
- Domain - The DNS name of the Active Directory domain.
- IP address - The IP address of one of the domain controllers of that domain.
- User name - The account the appliance uses to bind to the domain. The user must have administrator privileges; this eases configuration and lets you create a user-based policy from the users defined in the Active Directory.
- Password - The user's password.
Note - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ' " \
Maximum number of characters: 255
- User DN - Click Discover to find the DN of the object that represents this user automatically, or enter the user DN manually.
For example: CN=John James,OU=RnD,OU=Germany,O=Europe,DC=Acme,DC=com
3. Select Use user groups from specific branch only if you want to use only part of the user database defined in the Active Directory. Enter the branch in the Branch full DN text field.
4. Click Apply.
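The fields above can be sanity-checked before they are typed into the form. The following Python script is an added example, not Check Point code and not part of this guide: it applies the password character and length rules stated in the Note, parses a user DN, checks that the DN's DC components agree with the domain name, and tests whether an object lies under the branch DN used by the "Use user groups from specific branch only" option. The field names (`domain`, `ip_address`, `user_name`, `password`, `user_dn`, `branch_dn`) and the two sample entries are constructed for the example; the rule that the bind user must live in the configured domain is an assumption of the example, not a statement from the guide.

```python
import ipaddress
import re

# Characters the guide forbids in a password or shared secret, and the length cap.
FORBIDDEN_SECRET_CHARS = set("{}[]`~|'\"\\")
MAX_SECRET_LEN = 255

# DNS name: at least two dotted labels of 1-63 characters, no leading/trailing hyphen.
_DOMAIN_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)(?:\.(?!-)[a-z0-9-]{1,63}(?<!-))+", re.I)


def check_secret(secret: str) -> list[str]:
    """Problems with a password/shared secret under the guide's rules; [] means acceptable."""
    problems = []
    if not secret:
        problems.append("empty value")
    bad = sorted(c for c in set(secret) if c in FORBIDDEN_SECRET_CHARS)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    if len(secret) > MAX_SECRET_LEN:
        problems.append(f"length {len(secret)} exceeds {MAX_SECRET_LEN}")
    return problems


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split an LDAP DN into (attribute, value) RDNs, left to right.

    A backslash escape (e.g. CN=James\\, John) keeps an escaped comma inside the value.
    Multi-valued RDNs (a=1+b=2) are not handled. Attribute names are lower-cased.
    """
    pieces, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            pieces.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError(f"DN {dn!r} ends with a dangling escape")
    pieces.append("".join(buf))
    rdns = []
    for piece in pieces:
        attr, sep, value = piece.partition("=")
        attr, value = attr.strip(), value.strip()
        if not sep or not attr or not value:
            raise ValueError(f"malformed RDN {piece!r} in DN {dn!r}")
        rdns.append((attr.lower(), value))
    return rdns


def dn_domain(dn: str) -> str:
    """DNS domain implied by the DC components: 'DC=Acme,DC=com' -> 'acme.com'."""
    return ".".join(v.lower() for a, v in parse_dn(dn) if a == "dc")


def dn_under_branch(dn: str, branch_dn: str) -> bool:
    """True if dn lies strictly below branch_dn (AD DNs compare case-insensitively)."""
    obj = [(a, v.lower()) for a, v in parse_dn(dn)]
    branch = [(a, v.lower()) for a, v in parse_dn(branch_dn)]
    return len(obj) > len(branch) and obj[-len(branch):] == branch


def validate_entry(entry: dict) -> list[str]:
    """Check the fields of one domain entry and return the list of problems found."""
    problems = []
    domain = entry.get("domain", "")
    if not _DOMAIN_RE.fullmatch(domain):
        problems.append(f"domain {domain!r} is not a valid DNS name")
    try:
        ipaddress.ip_address(entry.get("ip_address", ""))
    except ValueError:
        problems.append(f"ip_address {entry.get('ip_address')!r} is not a valid IP address")
    if not entry.get("user_name"):
        problems.append("user_name is empty")
    problems += ["password: " + p for p in check_secret(entry.get("password", ""))]
    # Assumption of this example: the bind user and the optional branch live in the
    # configured domain, so a DN from another domain or forest is flagged.
    for field in ("user_dn", "branch_dn"):
        value = entry.get(field, "")
        if field == "branch_dn" and not value:
            continue  # the branch restriction is optional
        try:
            if domain and dn_domain(value) != domain.lower():
                problems.append(f"{field} DC components do not match domain {domain!r}")
        except ValueError as exc:
            problems.append(str(exc))
    return problems


# Constructed sample input (not from the guide): one clean entry and one with mistakes.
GOOD_ENTRY = {
    "domain": "Acme.com",
    "ip_address": "192.0.2.10",
    "user_name": "jjames",
    "password": "Str0ng-Passphrase",
    "user_dn": "CN=John James,OU=RnD,OU=Germany,O=Europe,DC=Acme,DC=com",
    "branch_dn": "OU=Germany,O=Europe,DC=Acme,DC=com",
}
BAD_ENTRY = {
    "domain": "acme",                                        # not fully qualified
    "ip_address": "192.0.2.300",                             # not a valid address
    "user_name": "svc-ldap",
    "password": "p@ss{word}",                                # braces are forbidden
    "user_dn": "CN=svc-ldap,OU=Service,DC=corp,DC=example",  # different domain
    "branch_dn": "",
}

if __name__ == "__main__":
    for name, entry in (("good", GOOD_ENTRY), ("bad", BAD_ENTRY)):
        print(name, validate_entry(entry) or "ok")
    print(dn_under_branch(GOOD_ENTRY["user_dn"], GOOD_ENTRY["branch_dn"]))
```

Run the script as-is to see the clean entry pass and the four problems in the bad one. `dn_under_branch` is the check to apply to a group's DN before relying on the branch restriction: an object whose DN does not end with the branch DN will not be seen by the appliance once the option is enabled.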
When an Active Directory domain is defined, you can select it in the table and click Edit or Delete as necessary.
When you edit, the Domain field is read-only and cannot be changed.
Each domain can be defined only once: when you add a new Active Directory domain, you cannot create another object for a domain that is already defined.
To configure remote access permissions for all users defined in Active Directory:
By default, users defined in the Active Directory are not given remote access permissions. Instead, on the VPN > Remote Access Users page, any user defined locally or in an Active Directory can be selected and granted remote access permissions individually.
1. Click permissions for Active Directory users.
2. Select All users in the Active Directory. With this option it is not necessary to go to the VPN > Remote Access Users page and select specific users. Note that most Active Directories contain a large number of users, and you probably do not want to grant all of them remote access to your organization. Usually you keep the Selected Active Directory user groups option and configure remote access permissions through the VPN > Remote Access Users page, so that remote access is granted only to the users who need it.
3. Click Apply.
To change synchronization mode with the defined Active Directories:
1. Click Configure in the toolbar of the Active Directory table.
2. Select one of the options - Automatic synchronization or Manual synchronization.
When Manual synchronization is selected, you can trigger a sync of the user database known to the appliance from any location where this user database can be viewed, for example the Users & Objects > Users page or the Source picker in the Firewall Rule Base on the Access Policy > Firewall Policy page.