Chapter 13 User Accounts and Groups

If the DNS server itself is set in the operating system, the domain controller of the Active Directory must be the first item in the DNS servers list in the DNS Forwarder configuration (for details, refer to chapter 5.3).

For mapping of multiple domains:

1.The WinRoute host must be a member of one of the mapped domains.

2.It is necessary that this domain trusts any other domains mapped in WinRoute (for details, see the documentation regarding the operating system on the corre- sponding domain server).

3.For DNS configuration, the same rules are followed as for mapping of a single domain (DNS server must be a domain server of the domain which the WinRoute’s host belongs to).

Single domain mapping

To set Active Directory domain mapping, go to the Active Directory tab under User and Groups Users.

If no domain mapping has been defined yet or only one domain is defined, the Active Directory tab already includes predefined parameters customized for the domain map- ping.

Active Directory mapping

In the top part of the Active Directory tab, it is possible to enable/disable mapping of user accounts from the Active Directory domain to WinRoute.

The Active Directory domain name entry requires full DNS name of the mapped domain (e.g. company.com, company would not be satisfactory). For your better reference, it is also recommended to provide a short description of the domain (especially if more domains are mapped).

Domain Access

In the Domain Access section, specify the login user name and password of an account with read rights for the Active Directory database (any user account within the domain can be used, unless blocked).

Click Advanced to set parameters for communication with domain servers:

200

Page 200
Image 200
Kerio Tech Firewall6 manual Single domain mapping, Active Directory mapping, Domain Access, 200