Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Security > Content Gateway user authentication > Rule-Based Authentication > Rule-based authentication Domain list
Rule-based authentication Domain list
Help | Content Gateway | Version 8.1.x
To use rule-based authentication, you create and maintain a Domain List. There must be at least one domain on the list before an authentication rule can be defined.
When a domain is added to the list, the authentication method is specified.
When a rule is defined, the domain or domains are selected from the domain list.
Supported domain types include:
*
*
*
Domain specification configuration summary:
1.
Rule-based authentication must be enabled (Configure > My Proxy > General).
2.
On Configure > Security > Access Control > Domains, click New Domain.
3.
4.
5.
6.
See:
*
*
*
Adding an Active Directory domain for use with IWA
Active Directory (AD) domains to be used with IWA must be joined by both Content Gateway and directory members (clients).
To join a domain:
*
*
*
*
*
To specify and join a domain:
1.
Go to Configure > Security > Access Control > Domains and click New Domain.
2.
Select Integrated Windows Authentication from the Authentication Method drop down box.
3.
In the Domain Identifier field, enter a unique name that will help you recognize the domain and its purpose.
4.
5.
In the Domain Name field, enter the fully qualified domain name. For example, ad1.example.com.
6.
In the Administrator Name field enter the Windows Administrator user name.
7.
In the Administrator Password field enter the Windows Administrator password.
The name and password are used only during the join and are not stored.
8.
Select how to locate the domain controller:
*
*
If the domain controller is specified by name or IP address, you can also specify backup domain controllers in a comma separated list, no spaces.
9.
Confirm the Content Gateway Hostname.
 
Warning 
10.
Click Join Domain.
The Joined Domain Connections section of the Monitor > Security > Integrated Windows Authentication page displays a list of joined domains and connections, and provides a diagnostic test function.
For troubleshooting tips, see Failure to join the domain.
To change the way the domain controller is found, and other attributes
1.
On the Domains page, in the list select the domain you want to change and click Edit.
2.
In the IWA Domain Details section, select how to locate the domain controller:
*
*
If the domain controller is specified by name or IP address, you can also specify backup domain controllers in a comma separated list, no spaces.
3.
4.
Click Apply.
Adding an NTLM domain controller for use with Legacy NTLM
Support for Legacy NTLM has these restrictions:
*
WINS resolution is not supported. Domain controllers must have hostnames that can be resolved by a DNS server.
*
Extended security is not supported and cannot be enabled on the domain controller.
*
NTLM2 session security is not supported and cannot be enabled on clients. In the Security Settings area of the Windows operating system, inspect the Network Security: Minimum session security settings.
*
NTLMv2 is not supported with Active Directory 2008.
*
For a complete description of support for Legacy NTLM, see Legacy NTLM authentication.
To add an NTLM domain for use in rule-based authentication:
1.
Go to Configure > Security > Access Control > Domains and click New Domain.
2.
Select Legacy NTLM from the Authentication Method drop down box.
3.
In the Domain Identifier field, enter a unique name that will help you recognize the domain and its purpose. After the domain is added, the name cannot be changed.
4.
5.
In the Legacy NTLM Domain Details section:
a.
In the Domain Controller entry field enter the IP address and port number of the primary domain controller. If no port is specified, Content Gateway uses port 139.
You can also specify secondary domain controllers in a comma-separated list. The supported formats are:
host_name[:port][%netbios_name]
IP_address[:port][%netbios_name]
The netbios_name is required with Active Directory 2008.
b.
 
Note 
Even if load balancing is not selected, if multiple domain controllers are specified and the load on the primary domain controller reaches the maximum number of connections allowed, new requests are sent to a secondary domain controller as a short-term fail over provision, until such time that the primary domain controller can accept new connections.
6.
Click Add Domain.
Adding a domain (directory service) for use with LDAP
When LDAP is used:
*
*
*
*
*
LDAP authentication supports both simple and anonymous bind.
To add an LDAP domain to the Domains list:
1.
Go to Configure > Security > Access Control > Domains and click New Domain.
2.
Select LDAP from the Authentication Method drop down list.
3.
In the Domain Identifier field, enter a unique name that will help you recognize the domain and its purpose. After the domain is added, the name cannot be changed.
4.
5.
In the LDAP Domain Details section:
a.
In the LDAP Server Name field, enter the fully qualified domain name or IP address of the LDAP server.
b.
If the LDAP server port is other than the default (389), in the LDAP Server Port field, enter the LDAP server port.
c.
Enter the LDAP Base Distinguished Name. Obtain this value from your LDAP administrator.
d.
Select the LDAP Server Type from the drop down list.
*
Select sAMAccountName for Active Directory
*
Select uid for other directory services
e.
In the Bind Domain Name field, enter the bind distinguished name. This must be a Full Distinguished Name of a user in the LDAP directory service. For example:
CN=John Smith,CN=USERS,DC=MYCOMPANY,DC=COM
f.
In the Bind Password field, enter the password for the name given in the Bind Domain Name field.
g.
Enable Secure LDAP if you want Content Gateway to use secure communication with the LDAP server. If enabled, set the LDAP port to 636 or 3269.
6.
Click Add Domain.
To unjoin or remove a domain from the Domain List
On the Domains page, select the domain from the list and click Unjoin or Delete.
A confirmation dialogue displays. Confirm that you want to remove the domain from the list.
 
Warning 

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Security > Content Gateway user authentication > Rule-Based Authentication > Rule-based authentication Domain list
Copyright 2016 Forcepoint LLC. All rights reserved.