• During Windows authentication, data registered in the directory server, such as the user's e-mail
address, is automatically registered in the machine. If user information on the server is changed,
information registered in the machine may be overwritten when authentication is performed.
• Users managed in other domains are subject to user authentication, but they cannot obtain items such
as e-mail addresses.
• If Kerberos authentication and SSL encryption are set at the same time, e-mail addresses cannot be
obtained.
• If you have created a new user in the domain controller and selected "User must change password
at next logon", log in to the machine from the computer to change the password before logging in
from the machine's control panel.
• If the authenticating server only supports NTLM when Kerberos authentication is selected on the
machine, the authenticating method will automatically switch to NTLM.
• Enter the login name and password correctly; keeping in mind that it is case-sensitive.
• The first time you access the machine, you can use the functions available to your group. If you are
not registered in a group, you can use the functions available under "*Default Group". To limit which
functions are available to which users, first make settings in advance in the Address Book.
• A user registered in two or more global groups can use all the functions available to members of those
groups.
• When accessing the machine subsequently, you can use all the functions available to your group and
to you as an individual user.
• If the "Guest" account on the Windows server is enabled, even users not registered in the domain
controller can be authenticated. When this account is enabled, users are registered in the Address
Book and can use the functions available under "*Default Group".
• Under Windows authentication, you can select whether or not to use secure sockets layer (SSL)
authentication.
• To automatically register user information such as e-mail addresses under Windows authentication,
it is recommended that communication between the machine and domain controller be encrypted
using SSL. To do this, you must create a server certificate for domain controller. For details about
creating a server certificate, see p.52 "Creating the Server Certificate".
• Under Windows authentication, you do not have to create a server certificate unless you want to
automatically register user information such as e-mail addresses using SSL.
• To enable Kerberos for LDAP authentication, a realm must be registered beforehand. The realm must
be programmed in capital letters. For details about registering a realm, see "Programming the Realm",
Network and System Settings Reference.
Windows Authentication
47
To Next Page
Loading...
