11-28
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 11 Configuring Security Manager Administrative Settings
Identity Settings Page
Field Reference
Table11-15 Identity Settings Page
Element Description
Domain-AD Server Group
Mapping table.
Each row in the table defines the Active Directory (AD) server group to
use for a NetBIOS domain for use with identity-aware firewall policies
on ASA devices.
To add an entry, click the Add Row (+) button and fill in the Add
AD Domain Server dialog box. See Domain AD Server Dialog
Box, page 13-10. You need to enter the domain name and select the
AAA server group object that specifies the LDAP AD servers.
To edit an entry, select it and click the Edit Row (pencil) button.
To delete an entry, select it and click the Delete Row (trash can)
button.
To test whether Security Manager can successfully contact the
servers defined in a server group, select the row and click Test .
Default Domain The NetBIOS domain to use when you do not type in a domain when
specifying a user or group name in a firewall policy or an identity user
group policy object.
The default is LOCAL, which means the name is defined on the ASA
itself, either as a local user or as a VPN user who was authenticated by
a means other than an LDAP server group associated with a domain
name.
Other than LOCAL, only domains configured in the Domain-AD
Server Group Mapping table appear in this list.
Tip This setting is not related to the default domain configured on
the ASA using the user-identity default-domain command. This
setting is a convenience setting to allow you to type in
usernames without always having to include the domain name.
Select the domain for which you will most often type user
names.
Route query via When you use the Find feature while selecting users or user groups,
Security Manager must query the AD server. Select whether the query
comes from the Security Manager client (the workstation on which you
are running the client) or the server.
By default, LDAP queries come from the client.