Kerio Tech Firewall6 User Manual
Page 215
15.4 Active Directory domains mapping
215
Note: The Windows NT domain cannot be mapped as described. In case of the Windows NT
domain, it is recommended to import user accounts to the local user database (refer to
Domain mapping requirements
The following conditions must be met to enable smooth functionality of user authentication
through Active Directory domains:
•
For mapping of one domain:
1.
The WinRoute host must be a member of the corresponding Active Directory do-
main.
2.
The Active Directory domain controller (server) must be set as the primary DNS
server.
•
For mapping of multiple domains:
1.
The WinRoute host must be a member of one of the mapped domains.
2.
It is necessary that this domain trusts any other domains mapped in WinRoute
(for details, see the documentation regarding the operating system on the corre-
sponding domain server).
3.
For DNS configuration, the same rules are followed as for mapping of a single
domain (DNS server must be a domain server of the domain which the WinRoute’s
host belongs to).
Single domain mapping
To set Active Directory domain mapping, go to the Active Directory tab under User and Groups
→ Users.
If no domain mapping has been defined yet or only one domain is defined, the Active Directory
tab already includes predefined parameters customized for the domain mapping.
Active Directory mapping
In the top part of the Active Directory tab, it is possible to enable/disable mapping of
user accounts from the Active Directory domain to WinRoute.
The Active Directory domain name entry requires full DNS name of the mapped domain
(e.g. company.com, company would not be satisfactory). For your better reference, it
is also recommended to provide a short description of the domain (especially if more
domains are mapped).