Kerio Tech Firewall6 User Manual

Chapter 15

User Accounts and Groups

218

One domain is always set as primary. In this domain, all user accounts where the domain is

not specified, will be searched (e.g. jsmith). Users of other domains must login by username

including the domain (e.g. [email protected]).

Use the Add or the Edit button to define a new domain. This dialog includes the same parame-

ters as the Active Directory tab in administration of an only domain (see above).

Note:

1.

By default, the domain defined first is set as primary. You can use the Set as primary

button to set the selected domain as primary.

2.

Membership of WinRoute in the domain is not necessarily required for primary domains

(see Domain mapping requirements). Settings of the primary domain only define which

users will be allowed to login to WinRoute (i.e. to the web interface, to the SSL-VPN inter-

face, to the WinRoute administration, etc.) using the username without domain.

Collision of Active Directory with the local database and conversion of accounts

During Active Directory domain mapping, collision with the local user database may occur if

a user account with an identical name exists both in the domain and in the local database. If

multiple domains are mapped, a collision may occur only between the local database and the

primary domain (accounts from other domains must include domain names which make the

name unique).

If a collision occurs, a warning is displayed at the bottom of the User Accounts tab. Click

on the link in the warning to convert selected user accounts (to replace local accounts by

corresponding Active Directory accounts).

Figure 15.16

Conversion of user accounts