Avocent Network Device SPC420 User Manual

Chapter 6: Authentication Services 85

optionally including a sub-domain. See To add an Active Directory external authentication
service: on page 82 for an explanation of the valid forms.

8.

In the Group Container field, specify the name of the container to search for user groups. This
will limit the search scope to that container. The name may be entered in several forms,
optionally including a sub-domain. See To add an Active Directory external authentication
service: on page 82 for an explanation of the valid forms.

9.

Specify a Secure Socket Layer (SSL) Encryption mode:

•

Click Do Not Use SSL to have authentication performed using unencrypted clear text
instead of SSL encryption. This method is the least secure.

•

Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All server
certificates will be trusted and automatically accepted by the DSView 3 software for
transmitting data. This SSL method provides medium security.

This encryption mode is not recommended for wide area networks (WANs).

•

Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data
transmission. The DSView 3 software will approve the server and then the certificate
before transmitting data. This SSL method provides maximum security.

10. Click Use an Active Directory Global Catalog to have the AD service access the global catalog

for the specified domain name.

11. Click Use Kerberos for User Authentication to use the Kerberos protocol for authentication

requests, including the browsing. If enabled, you must use DES encryption types for this
account. If an account was created prior to Active Directory, the user’s password must be
changed after this setting is changed. In addition, the Active Directory server addresses must
be resolvable to their host names via DNS.

When this is not checked, the LDAP protocol will be used.

12. Click Allow use of Users/Groups from Trusted Forests to allow logins by users belonging to a

forest that are assigned to groups in a different forest. If enabled, the DSView 3 will query all
trusted forests in the Active Directory service to find the user and user groups to which the
authenticated user belongs.

If you deselect Allow use of Users/Groups from Trusted Forests, any previously discovered
trusted forests will be hidden from the User Authentication Services window and users
belonging to trusted forests will not be permitted to log in.

13. Click Save to save your changes.

•

If you selected Use SSL in Certificate-based Trust Mode, the Certificates heading will
appear in the side navigation bar. Go to step 13.

•

If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 16.

14. Click Certificates. The Authentication Service Certificate Management - AD window opens

and list all servers in that domain. A status of Trusted indicates the certificate is trusted, based
on the certificate policy (see System certificate policy and trust store on page 47); Untrusted
indicates the certificate cannot be trusted.