
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

3-10

Authenticating Users

v1.1, November 2006

6. To force users to supply a valid digital certificate before they are granted access, select the Require client digital certificates option. The common name (CN) in the subject of the client certificate must match the user name that the user supplies at login, and the certificate must have been issued by a certificate authority (CA) that the SSL VPN Concentrator trusts. Because any trusted CA can issue a certificate carrying a matching CN, trust only the CA that actually issues your client certificates.

7. Click Apply to update the configuration. Once the domain has been added, it is listed in the table on the Domains screen.

Active Directory Authentication

Active Directory authentication servers expose a group and user structure that the SSL VPN Concentrator can query when an Active Directory user logs in. This means that you can create policies and bookmarks for Active Directory users at the group level, without defining each Active Directory user in the SSL VPN Concentrator. When a user logs in and no corresponding user name is configured in the local database, the SSL VPN Concentrator queries the Active Directory server for the list of groups the user belongs to. If any of those groups is also defined in the SSL VPN Concentrator, the policies and bookmarks of the first Active Directory group in that list that matches a locally configured group are applied to the user. Only one group's settings are applied, so a user who belongs to several matching groups receives whichever one the directory lists first; keep such overlaps to a minimum, or define the user locally so the result is explicit.

Once you create an Active Directory domain, you can add groups that correspond to groups on your Active Directory server. If an Active Directory user is configured in the SSL VPN Concentrator, the SSL VPN Concentrator ignores the group information returned by Active Directory and instead applies policies and bookmarks based on the user's own settings and the settings of the local group to which the user belongs.
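The resolution rule above (a locally defined user wins outright; otherwise the first returned Active Directory group that matches a locally defined group is used) is easy to get wrong when groups overlap. The following Python simulation is an added example, not the appliance's code or NETGEAR's: the data structures, the function names and the sample users, groups and directory responses are all constructed here to illustrate the rule, and the `ambiguous_users` audit is an additional check that the manual does not describe.

```python
"""Simulate the SSL VPN Concentrator's Active Directory policy resolution.

Added example; the names below are assumptions, not the product's own API.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Policies and bookmarks attached to one locally defined group."""
    name: str
    bookmarks: list = field(default_factory=list)


# Constructed sample configuration of the concentrator:
# locally defined users (user name -> local group) and locally defined groups.
LOCAL_USERS = {"alice": "Contractors"}
LOCAL_GROUPS = {
    "Contractors": Policy("contractors", ["intranet"]),
    "Domain Admins": Policy("admins", ["intranet", "servers", "rdp-dc1"]),
}

# Constructed stand-in for the directory's answer to "which groups does this
# user belong to?". List order is what the directory returned, and the
# appliance treats that order as significant.
AD_MEMBERSHIP = {
    "alice": ["Domain Admins", "Contractors"],
    "bob": ["Domain Users", "Domain Admins"],
    "carol": ["Domain Users"],
    "dave": ["Contractors", "Domain Admins"],
}


def ad_groups_for(user):
    """Return the AD group names for a user (constructed lookup)."""
    return AD_MEMBERSHIP.get(user, [])


def resolve_policy(user, local_users=LOCAL_USERS, local_groups=LOCAL_GROUPS,
                   ad_lookup=ad_groups_for):
    """Return (source, Policy) for a user, following the manual's rule.

    source is "local" when the user is defined on the concentrator (AD group
    data ignored), "ad:<group>" when the first matching AD group was used,
    or None when nothing matched and no policy applies.
    """
    if user in local_users:
        return "local", local_groups[local_users[user]]
    for group in ad_lookup(user):
        if group in local_groups:
            return "ad:" + group, local_groups[group]
    return None, None


def ambiguous_users(users, local_users=LOCAL_USERS, local_groups=LOCAL_GROUPS,
                    ad_lookup=ad_groups_for):
    """Audit check: AD-only users whose groups match more than one local group.

    For these users the applied policy depends on the order the directory
    returns groups, so the outcome is not controlled by the concentrator's
    configuration alone.
    """
    result = {}
    for user in users:
        if user in local_users:
            continue
        matches = [g for g in ad_lookup(user) if g in local_groups]
        if len(matches) > 1:
            result[user] = matches
    return result


if __name__ == "__main__":
    for user in AD_MEMBERSHIP:
        source, policy = resolve_policy(user)
        print(user, source, policy.name if policy else "no policy")
    print("ambiguous:", ambiguous_users(AD_MEMBERSHIP))
```

Running it shows that alice, although a member of Domain Admins in the directory, gets the contractors policy because she is defined locally; bob gets the admins policy through his second AD group; carol matches nothing; and dave is flagged by the audit because both of his groups exist locally and the result would flip if the directory listed them the other way round.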

Configuring for Windows Active Directory Authentication

To configure Windows Active Directory authentication:

1. Click Add Domain. An Add Domain window displays.

Note: Because other authentication services do not have the same hierarchical structure and group definitions as Active Directory, if you want to apply specific policies or bookmarks to a group of RADIUS, NT, or LDAP users, you must add each user individually on the Users and Groups screen.

Note: Of all the supported authentication types, Active Directory authentication is the most error prone. If you are unable to authenticate using Active Directory, read the troubleshooting procedure at the end of this section.
