Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Chapter 15

User Accounts and Groups

206

The first page of the wizard requires the full name of the Active Directory domain (e.g.

company.com

) and name and password of a user with rights to add hosts to domains.

If WinRoute cannot find the domain server of the specified domain automatically, it requires

specification of its IP address in the next step. Then the user gets informed about the result

of the attempt to add the firewall to the domain.

Primary domain mapping

To set mapping of the primary domain (the domain of which the firewall host is a member),

use option Use domain user database. For connection to the domain server, it is required to

enter username and password of an account with read rights for the user database (any user

account of the domain can be used, unless it is blocked).

Figure 15.12

Primary domain mapping

Advanced Options

Method of cooperation between WinRoute and the Active Directory can be customized by some

advanced options.

Domain mapping vs domain user authentication

The recommended method of cooperation with the Active Directory is domain mapping

(user accounts are saved and managed only in the Active Directory). However, this can

be undesirable under certain circumstances. For example if the Active Directory is imple-

mented in a network where the Windows NT domain or no domain has been used, user

accounts are already created in the WinRoute’s local database. In such case, the best so-

lution is to keep the local accounts and set only authentication in the Active Directory (so

that users can use the same password both for the domain and the firewall).