NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

5. From the Portal Layout Name drop-down menu, select the name of the layout. The default layout is SSL-VPN. You can define additional layouts in the Portal Layouts page.

6. Click Apply to update the configuration. Once the domain has been added, the domain displays in the table on the Domains screen.

Active Directory Authentication

Active Directory authentication servers support a group and user structure that can be queried when an Active Directory user logs in. This means that you can create policies and bookmarks for Active Directory users at the group level, without needing to define Active Directory users in the SSL VPN Concentrator. When a user logs in, if no corresponding user name is configured in the local database, then the SSL VPN Concentrator will query the Active Directory server for the list of groups that the user belongs to. If any of the same groups are defined in the SSL VPN Concentrator, then policies and bookmarks for the first Windows Active Directory group that matches a group configured in the SSL VPN Concentrator will be applied to the user.

Once you create an Active Directory domain, you can add groups that correspond with groups on your Active Directory server. If the Active Directory user is configured in the SSL VPN Concentrator, then the SSL VPN Concentrator will ignore the group information provided by Active Directory and, instead, implement policies and bookmarks based on the user settings and the settings of the group to which the user belongs.
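The precedence rule described in the two paragraphs above can be modeled to audit which group actually governs each login. The following is an added example, not code from the manual or from NETGEAR; the `Concentrator` structure, the sample names, exact-match group comparison, and the assumption that "first match" follows the order in which the Active Directory server returns groups are all hypothetical.

```python
# Added illustration: a model of the precedence rule described above.
# All names and data structures are hypothetical; this is not the SSL312's API.
from dataclasses import dataclass, field


@dataclass
class Concentrator:
    local_users: dict = field(default_factory=dict)  # user name -> local group name
    local_groups: set = field(default_factory=set)   # group names defined on the device


def resolve(dev, user, ad_groups):
    """Return (source, group, shadowed) for one login.

    ad_groups is the list returned by the Active Directory server, in the
    order received (assumed to be the order used for "first match").
    """
    matches = [g for g in ad_groups if g in dev.local_groups]
    if user in dev.local_users:
        # A local user entry wins: Active Directory group information is ignored.
        return ("local-user", dev.local_users[user], matches)
    if matches:
        # Only the first matching group applies; later matches are shadowed.
        return ("ad-group", matches[0], matches[1:])
    # The manual does not describe this case; the model reports no group.
    return ("none", None, [])


def audit(dev, directory):
    """List logins whose effective group hides other matching AD groups."""
    findings = []
    for user, ad_groups in sorted(directory.items()):
        source, group, shadowed = resolve(dev, user, ad_groups)
        if shadowed:
            findings.append((user, source, group, shadowed))
    return findings


# Constructed sample data.
DEVICE = Concentrator(
    local_users={"alice": "Contractors"},
    local_groups={"Contractors", "Engineering", "Finance"},
)
DIRECTORY = {
    "alice": ["Engineering"],                           # local entry overrides AD
    "bob": ["Domain Users", "Finance", "Engineering"],  # two matches, first wins
    "carol": ["Domain Users"],                          # no matching group
}

if __name__ == "__main__":
    for finding in audit(DEVICE, DIRECTORY):
        print(finding)
```

Each finding marks a user whose effective policies differ from what their full Active Directory membership suggests, either because a local user entry takes precedence or because a later matching group is never applied.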

Note: Because other authentication services do not have the same hierarchical structure and group definitions as Active Directory, if you want to apply specific policies or bookmarks to a group of RADIUS, NT, or LDAP users, you must add each user on the Users and Groups screen.

Configuring for Windows Active Directory Authentication

To configure Windows Active Directory authentication:

1. Click Add Domain. An Add Domain window displays.

Note: Of all types of authentication, Active Directory authentication is the most error-prone. If you are unable to authenticate using Active Directory, please read the troubleshooting procedure at the end of this section.


Authenticating Users

v2.0, May 2007
