Configuring ad authentication – H3C Technologies H3C MSR 50 User Manual

Configuring AD authentication

Active Directory (AD) is a directory service provided by Windows 2000 Server and later versions. It saves information of objects on a network and allows administrators and users to query the information. AD uses structured data storage, which is the basis of the directory information logical structure. The SSL VPN system can cooperate with the existing AD server of an enterprise seamlessly to provide AD authentication for users in the enterprise.

For successful AD authentication of a user, you must also configure the user information on the AD authentication server, create user groups, and add the user to the user groups. Make sure the user groups configured on the authentication server exist on the SSL VPN gateway. Otherwise, the user cannot log in.

The number of user groups that the gateway supports for a user has a limit. Make sure the number of user groups specified for a user on the authentication server is equal to or less than the limit.
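
The two group requirements above can be checked before a user's first login. The following is an added example, not part of the H3C manual or its software: it compares a user's AD group DNs with the group names defined on the gateway. It assumes that groups are matched by CN without regard to case, that the user's groups are available as memberOf-style DNs, and that GROUP_LIMIT stands in for the limit documented for your gateway; all names and sample values are constructed.

```python
# Added example: pre-flight check of a user's AD groups against the gateway.
# Assumptions (not from the manual): groups are matched by CN, case-insensitively,
# and GROUP_LIMIT is a placeholder for the per-user limit of your gateway.
import re

GROUP_LIMIT = 8  # placeholder value, constructed for this example

# Constructed sample input: memberOf values for one user, gateway group names.
SAMPLE_MEMBER_OF = [
    "CN=VPN-Users,OU=Groups,DC=example,DC=com",
    "CN=Finance\\, EMEA,OU=Groups,DC=example,DC=com",
    "CN=Contractors,OU=Groups,DC=example,DC=com",
]
SAMPLE_GATEWAY_GROUPS = ["vpn-users", "Finance, EMEA"]


def _unescape(match):
    """Decode one DN escape: a hex pair such as \\2C, or a single character."""
    token = match.group(1)
    return chr(int(token, 16)) if len(token) == 2 else token


def cn_of(dn):
    """Return the CN value of the first RDN, honoring backslash escapes."""
    m = re.match(r"\s*CN=((?:\\.|[^,\\])*)", dn, re.IGNORECASE)
    if not m:
        raise ValueError("no leading CN in DN: %r" % dn)
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", _unescape, m.group(1))


def check_user(member_of, gateway_groups, limit=GROUP_LIMIT):
    """Return a list of (problem, detail) tuples; an empty list means no issue."""
    gateway = {g.casefold() for g in gateway_groups}
    names = [cn_of(dn) for dn in member_of]
    problems = []
    # Groups on the AD server that are not defined on the gateway
    missing = sorted(n for n in names if n.casefold() not in gateway)
    if missing:
        problems.append(("missing_on_gateway", missing))
    # More groups than the gateway supports for one user
    if len(names) > limit:
        problems.append(("over_limit", len(names)))
    return problems


if __name__ == "__main__":
    for problem in check_user(SAMPLE_MEMBER_OF, SAMPLE_GATEWAY_GROUPS):
        print(problem)
```
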

1. Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation tree.

2. Click the AD Authentication tab. The LDAP authentication configuration page appears.

Figure 442 AD authentication

3. Configure the AD authentication settings as described in Table 186.

4. Click Apply.

Table 186 Configuration items

Item | Description
Enable AD authentication | Select this item to enable AD authentication.
AD Domain Name | Enter the name of the AD domain.
AD Server IP | Enter the IP addresses of the AD servers. You can specify four AD servers at most. When one server fails, the system uses another server to authenticate users. The system selects the specified servers in the configuration order of the servers. The first configured server has the highest priority.
Authentication Mode | Select an authentication mode for AD authentication. Options include Password, Password+Certificate, and Certificate.
Server Recovery Time | Set the interval at which the system checks whether the failed AD server recovers.
Admin Username | Set an administrator account. It must be a user account that has the directory search right in the User directory in the AD domain.
