Netgear SSL312 SSL312 User Manual - Page 46

Troubleshooting Active Directory Authentication, Deleting a Domain - client

Page 46 highlights

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. Enter the Kerberos or Active Directory domain name in the Kerberos Domain field. 6. Enter the name of the layout in the Portal Layout Name field. The default layout is SSL-VPN. (Additional layouts may be defined from the SSL VPN Portal > Portal Layouts screen.) Note: If you selected a portal layout other than SSL-VPN, then the domain will not be displayed on the default login page. Users will need to log in at https:///portal/. 7. Click Apply. Once the domain has been added, the domain will be added to the Domains table. Troubleshooting Active Directory Authentication If your users are unable to connect via Active Directory, verify the following: 1. The time settings between the Active Directory server and the SSL VPN Concentrator must be synchronized. Kerberos authentication, used by Active Directory to authenticate clients, permits a maximum of a 15-minute time difference between the Windows server and the client (the SSL VPN Concentrator). The easiest way to solve this issue is to configure Network Time Protocol on the Date and Time screen and check that the server's time settings are also correct. 2. Confirm that your Windows server is configured for Active Directory authentication using Kerberos. If you are using a Window NT 4.0 server, then your server only supports NT Domain authentication. Typically, Windows 2000 and 2003 servers are also configured for NT Domain authentication to support legacy Windows clients. Deleting a Domain To delete a domain, click the Delete link in the Domains table for the domain you wish to remove. Once the SSL VPN Concentrator has been updated, the deleted domain will no longer appear in the table in the Domains table. Note: The SSL VPN Concentrator "geardomain" domain cannot be deleted. 3-12 v2.1, November 2008 Authenticating Users

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
3-12
Authenticating Users
v2.1, November 2008
5.
Enter the Kerberos or Active Directory domain name in the Kerberos Domain field.
6.
Enter the name of the layout in the Portal Layout Name field. The default layout is SSL-VPN.
(Additional layouts may be defined from the SSL VPN Portal > Portal Layouts screen.)
7.
Click
Apply
. Once the domain has been added, the domain will be added to the
Domains
table.
Troubleshooting Active Directory Authentication
If your users are unable to connect via Active Directory, verify the following:
1.
The time settings between the Active Directory server and the SSL VPN Concentrator must be
synchronized. Kerberos authentication, used by Active Directory to authenticate clients,
permits a maximum of a 15-minute time difference between the Windows server and the client
(the SSL VPN Concentrator). The easiest way to solve this issue is to configure Network Time
Protocol on the
Date and Time
screen and check that the server’s time settings are also
correct.
2.
Confirm that your Windows server is configured for Active Directory authentication using
Kerberos. If you are using a Window NT 4.0 server, then your server only supports NT
Domain authentication. Typically, Windows 2000 and 2003 servers are also configured for NT
Domain authentication to support legacy Windows clients.
Deleting a Domain
To delete a domain, click the Delete link in the Domains table for the domain you wish to remove.
Once the SSL VPN Concentrator has been updated, the deleted domain will no longer appear in
the table in the Domains table.
Note:
If you selected a portal layout other than SSL-VPN, then the domain will not
be displayed on the default login page. Users will need to log in at
https://
<IP/Domain Name>
/portal/
<Portal Name>
.
Note:
The SSL VPN Concentrator
“geardomain” domain cannot be deleted.