Table 3-10 Authentication tab – Microsoft Windows (continued)

| Callout | Component | Description |
|---|---|---|
| 2 | Windows Sign in Setup (Kerberos and NTLM) | Click Add to add domains to the Trusted Domains list. Click Remove to remove domains from the list. Select the Default Windows Domain from the drop-down menu. Use the following fields to set up the sign-in method: Match the name entered with this attribute; Retrieve the user's e-mail address using this attribute. |
| 3 | Test Windows Sign In | Type information into the following fields, and then click Test to test the Microsoft Windows sign-in setup: Domain, Username, Password. |

DSS Windows authentication uses Microsoft Active Directory, a special-purpose database that contains information about objects, including users, that are contained within the domain. The Active Directory database resides on domain controllers and is automatically replicated across all domain controllers in the domain. Active Directory provides an LDAP interface to the data in the directory database.

As shown in Figure 3-17 Windows Active Directory authentication on page 72, the following steps occur during Windows authentication:

1. The user types his or her username and password at the device. This information is securely transmitted to the DSS server.

2. The DSS program authenticates to the domain through the Windows API to validate the user’s credentials.

3. If the user’s credentials are correct, the Domain Controller returns either the security identifier (SID) or the BSID (Binary SID).

4. Using the LDAP interface, DSS queries the LDAP directory for the authenticated user’s e-mail address.

5. The LDAP directory returns the authenticated user’s e-mail address.

6. DSS inserts the authenticated user’s e-mail address in the From: text box of the e-mail and prohibits the user from changing the field.
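
The lookup in steps 4 to 6, sketched as an added example (not DSS code): the typed name is escaped before it goes into the LDAP filter, the lookup fails closed unless exactly one entry with a mail value matches, and From is set only from the directory. The attribute values, the sample entries and the search() stand-in are assumptions.

```python
import re

# Assumed settings for the two sign-in fields in Table 3-10 (illustrative values).
MATCH_ATTR = "sAMAccountName"  # "Match the name entered with this attribute"
MAIL_ATTR = "mail"             # "Retrieve the user's e-mail address using this attribute"

# Constructed sample entries standing in for the Active Directory database.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "mail": "jdoe@example.com"},
    {"sAMAccountName": "asmith", "mail": "asmith@example.com"},
    {"sAMAccountName": "scanner01"},  # account with no mail attribute
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(username):
    """Equality filter on the configured match attribute."""
    return "(%s=%s)" % (MATCH_ATTR, escape_filter_value(username))

def search(ldap_filter):
    """Hypothetical stand-in for the LDAP search: equality match only."""
    attr, _, raw = ldap_filter[1:-1].partition("=")
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [e for e in DIRECTORY if e.get(attr, "").lower() == want.lower()]

def resolve_from_address(username):
    """Steps 4-5: fetch the authenticated user's address, failing closed."""
    entries = search(build_filter(username))
    if len(entries) != 1:
        raise LookupError("expected one directory entry, found %d" % len(entries))
    mail = entries[0].get(MAIL_ATTR)
    if not mail:
        raise LookupError("entry has no %s attribute" % MAIL_ATTR)
    return mail

def build_message(username, to_addr, body):
    """Step 6: From comes from the directory; the caller cannot supply it."""
    return {"From": resolve_from_address(username), "To": to_addr, "Body": body}

if __name__ == "__main__":
    print(build_filter("j*doe"))
    print(build_message("jdoe", "archive@example.com", "Scanned document"))
```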
