The Microsoft Windows option on the Authentication tab contains the following elements.

Table 3-10 Authentication tab – Microsoft Windows

| Callout | Component | Description |
|---|---|---|
| 1 | Authentication method | Select Microsoft Windows from the drop-down menu. |
| 2 | Windows Sign in Setup (Kerberos and NTLM) | Click Add to add domains to the Trusted Domains list. Click Remove to remove domains from the list. Select the Default Windows Domain from the drop-down menu. Use the following fields to set up the sign-in method: Match the name entered with this attribute; Retrieve the user's e-mail address using this attribute. |
| 3 | Test Windows Sign In | Type information into the following fields, and then click Test to test the Microsoft Windows sign-in setup: Domain, Username, Password. |

DSS Windows authentication uses Microsoft Active Directory, a special-purpose database that contains information about objects, including users, that are contained within the domain. The Active Directory database resides on domain controllers and is automatically replicated across all domain controllers in the domain. Active Directory provides an LDAP interface to the data in the directory database.

As shown in Figure 3-17 Windows Active Directory authentication on page 50, the following steps occur during Windows authentication:

1. The user types his or her username and password at the device. This information is securely transmitted to the DSS server.

2. The DSS program authenticates to the domain through the Windows API to validate the user's credentials.

3. If the user's credentials are correct, the Domain Controller returns either the security identifier (SID) or the BSID (Binary SID).

4. Using the LDAP interface, DSS queries the LDAP directory for the authenticated user's e-mail address.

5. The LDAP directory returns the authenticated user's e-mail address.

6. DSS inserts the authenticated user's e-mail address in the From: text box of the e-mail and prohibits the user from changing the field.
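The following is an added example, not HP's code and not part of the original guide, illustrating steps 3 to 5: it decodes a binary SID into its string form and builds the LDAP search that maps a typed username to an e-mail attribute, escaping the name per RFC 4515 so that filter metacharacters are treated as data. The attribute names `sAMAccountName` and `mail`, the function names, and the sample values are assumptions; the guide does not document the query DSS sends.

```python
import struct

def sid_to_string(bsid: bytes) -> str:
    """Decode a binary SID (BSID) into its S-1-... string form."""
    if len(bsid) < 8:
        raise ValueError("binary SID is too short")
    revision, sub_count = bsid[0], bsid[1]
    if len(bsid) != 8 + 4 * sub_count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(bsid[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % sub_count, bsid[8:])  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

# RFC 4515 characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape user-supplied text so it cannot alter the filter structure."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_email_lookup(username, match_attr="sAMAccountName", email_attr="mail"):
    """Return (filter, attributes) for the 'match name' / 'retrieve e-mail' pair.

    match_attr and email_attr stand in for the two attribute fields in the
    sign-in setup; their default values here are assumptions.
    """
    for attr in (match_attr, email_attr):
        if not attr.replace("-", "").isalnum():
            raise ValueError("unexpected attribute name: %r" % attr)
    return "(%s=%s)" % (match_attr, escape_filter_value(username)), [email_attr]

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the guide.
    sample_bsid = bytes.fromhex("01020000000000052000000020020000")
    print(sid_to_string(sample_bsid))
    print(build_email_lookup("jdoe"))
    print(build_email_lookup("*)(mail=*"))  # metacharacters come back escaped
```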
