Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

15.4 User accounts in Active Directory — domain mapping

207

Figure 15.13

Advanced options for cooperation with the Active Directory.

If WinRoute is installed on Windows, it is possible to allow authentication compatible with

older systems (i.e. authentication via the Windows NT domain). This option is required

if the domain server uses Windows NT or if any of the clients in the local network uses

Windows of older edition than Windows 2000. In Software Appliance / VMware Virtual

Appliance, this option is not available (authentication in Windows NT domain is not sup-

ported).

Then, the settings include an option of automatic import of user accounts from the Active

Directory to the local database (upon the first logon of user to the firewall by their domain

name and password, an account with the same name will be created in the local database

automatically). This option is available above all to keep the environment compatible with

older WinRoute versions. In new installations it is strongly recommended to use domain

mapping — administration of users is much more simple and much less time consuming.

For details, see the Administrator’s Guide for older versions of WinRoute (versions 6.7.0

or lower).

Selection of a domain server

In the default configuration, WinRoute automatically detects domain servers for the spec-

ified domain and uses the first detected server for connection to the Active Directory.

Automatic detection simplifies configuration significantly (it is not necessary to specify

IP addresses of individual domain servers).

If necessary, you can specify name of IP address of a specific domain server. In such case,

WinRoute will not perform automatic detection and will always connect to the specified

server only.