User Authentication

 

Choosing User Authentication from the Configuration menu will open the page in Figure 4.6.

Figure 4.6 - User Authentication Source Page

 

The default option is No User Authentication.  This option still allows multiple policies, though they are applied to groups of workstations rather than groups of users (see Working with Objects). To use this setting, simply click the Set Options button.

 

To choose one of the other options, click the appropriate radio button. The following screenshots show how the page changes depending on the authentication system chosen.


 

NT/Samba Authentication

 

 

Figure 4.7 - NT Authentication Configuration Page


 

Active Directory (Kerberos) Authentication

 

 

Figure 4.8 - AD (Kerberos) Authentication Configuration Page

 

 

 

Note

Choose AD (Kerberos) authentication if a login box is required when authenticating against CN Pro.

This method will also reduce the load on a large network compared to NTLM authentication.

Active Directory (NTLM) Authentication

 

Figure 4.9 - AD (NTLM) Authentication Configuration

 

With NTLM authentication, end users will never see the CN Pro login box. Instead, because they authenticated with Active Directory when they logged into the network, CN Pro “knows” who they are and will apply the appropriate policy.

Note

Both the AD domain and the old NetBIOS (NT) domain name MUST be specified.

Netware NDS Authentication

 

 

Figure 4.10 - NDS Authentication Configuration Page

 


LDAP Authentication

 

 

Figure 4.11 - LDAP Authentication Configuration Page

 

The LDAP Authentication option enables the use of a vanilla (non-AD) LDAP server as the authentication source.

The fields are as follows:

 

Server IP Address: The address of the server running the LDAP service.

 

Server Port Number: The port that the LDAP server is listening on. Most servers listen on port 389.

 

Base DN: This is the “root” of the directory tree. In our example, CN Pro is configured to use “dc=ldap, dc=adelix, dc=com”. You should enter the correct values for your LDAP server. Queries from CN Pro to your LDAP server will start from here.

 

Bind DN: This is an entity authorised to query the LDAP tree. CN Pro is configured to use “cn=admin, dc=ldap, dc=adelix, dc=com”. All queries from CN Pro to the LDAP server will use this entity.

 

 

 

Note

Ensure the Bind DN entity has suitable rights on the LDAP server.

Bind DN Password: The password associated with the Bind DN entity.

 

Login Attribute: This attribute within the LDAP tree specifies the username. Most Unix installations use the uid attribute, though it is possible to configure an alternative one. Consequently, CN Pro permits a choice of which attribute is to be used to define the users.

 

 

 

Note

This attribute must be correct for CN Pro to be able to import users from the LDAP tree.

Object Class Filter: In most installations, this field can safely be left blank. It is provided for those users who have a more complex LDAP configuration.
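
A pre-flight check for the LDAP fields above, added here as an example (it is not CensorNet code): the Python below turns the same values into an OpenLDAP ldapsearch command, so the Bind DN's rights and the Login Attribute can be verified before clicking Set Options. The server address 192.0.2.10, the sample username, treating the Object Class Filter as an object class name, and the filter shape are assumptions; how CN Pro builds its own queries is not documented on this page.

```python
import re
import shlex

# RFC 4515: these characters must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Make a username safe to embed in a search filter as a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(login_attr, username, object_class=""):
    """Filter for one user. Assumed shape, not CN Pro's documented query."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", login_attr):
        raise ValueError("Login Attribute must be a plain attribute name")
    clause = "(%s=%s)" % (login_attr, escape_filter_value(username))
    if object_class:  # assumed to be an object class name, e.g. posixAccount
        clause = "(&(objectClass=%s)%s)" % (escape_filter_value(object_class), clause)
    return clause


def ldapsearch_argv(server, port, base_dn, bind_dn, login_attr, username,
                    object_class="", starttls=True):
    """Build an OpenLDAP ldapsearch command line that exercises the settings."""
    argv = ["ldapsearch", "-x", "-H", "ldap://%s:%d" % (server, port)]
    if starttls:
        # Port 389 is cleartext by default; -ZZ requires StartTLS to succeed
        # so the Bind DN password is not sent unencrypted during the test.
        argv.append("-ZZ")
    argv += ["-D", bind_dn, "-W",          # -W prompts for the Bind DN password
             "-b", base_dn, "-s", "sub",   # search the whole tree under Base DN
             build_user_filter(login_attr, username, object_class),
             login_attr]                   # return only the login attribute
    return argv


if __name__ == "__main__":
    # DNs are the page's example values; address and username are constructed.
    print(shlex.join(ldapsearch_argv(
        "192.0.2.10", 389, "dc=ldap, dc=adelix, dc=com",
        "cn=admin, dc=ldap, dc=adelix, dc=com", "uid", "jsmith")))
```

If the bind succeeds but no entry comes back, check the Base DN, the Login Attribute and the Bind DN's read rights.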

 


CensorNet Internal Authentication

 

 

Figure 4.12 - CensorNet Internal Authentication

 

This option is provided for users who relied on it in earlier versions of the product. It allows for an internal authentication source and is used purely for user-based policies.

 

Once the authentication method has been chosen, tick the Prevent Multiple Login Attempts box if required. Ticking this box will prevent a user from logging into multiple workstations within a five-minute period.

 

Confirm the selected options by clicking the Set Options button. The settings will then be written to the various configuration files and the Proxy Service restarted.




Copyright (c) 2005-2009 CensorNet Ltd, All Rights Reserved.