ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual

Configuring Domains

The domain determines the authentication method to be used for associated users. For SSL connections, the domain also determines the portal layout that is presented, which in turn determines the network resources to which the associated users have access. The default domain of the UTM is named geardomain. You cannot delete the default domain.

Table 9-1summarizes the authentication protocols and methods that the UTM supports.

Table 9-1.Authentication Protocols and Methods

Authentication

Description (or Subfield and Description)

Protocol or Method

 

 

PAP

Password Authentication Protocol (PAP) is a simple protocol in which the client sends

 

a password in clear text.

 

 

CHAP

Challenge Handshake Authentication Protocol (CHAP) executes a three-way

 

handshake in which the client and server trade challenge messages, each

 

responding with a hash of the other’s challenge message that is calculated using a

 

shared secret value.

 

 

RADIUS

A network-validated PAP or CHAP password-based authentication method that

 

functions with Remote Authentication Dial In User Service (RADIUS).

 

 

MIAS

A network-validated PAP or CHAP password-based authentication method that

 

functions with Microsoft Internet Authentication Service (MIAS), which is a

 

component of Microsoft Windows 2003 Server.

 

 

WiKID

WiKID Systems is a PAP or CHAP key-based two-factor authentication method that

 

functions with public key cryptography. The client sends an encrypted PIN to the

 

WiKID server and receives a one-time pass code with a short expiration period. The

 

client logs in with the pass code. See Appendix D, “Two Factor Authentication” for

 

more on WiKID authentication.

 

 

NT Domain

A network-validated domain-based authentication method that functions with a

 

Microsoft Windows NT Domain authentication server. This authentication method has

 

been superseded by Microsoft Active Directory authentication but is supported to

 

authenticate legacy Windows clients.

 

 

Active Directory

A network-validated domain-based authentication method that functions with a

 

Microsoft Active Directory authentication server. Microsoft Active Directory

 

authentication servers support a group and user structure. Because the Active

 

Directory supports a multilevel hierarchy (for example, groups or organizational

 

units), this information can be queried to provide specific group policies or bookmarks

 

based on Active Directory attributes.

 

Note: A Microsoft Active Directory database uses an LDAP organization schema.

9-2

Managing Users, Authentication, and Certificates

v1.0, September 2009

Page 308
Image 308
NETGEAR UTM25EW-100NAS, UTM25-100NAS, UTM10EW-100NAS manual Configuring Domains, Authentication Protocols and Methods