Netgear STM300 STM 150-300-600 Reference Manual (PDF) - Page 157
Understanding Active Directories and LDAP Configurations, Active Directory
UPC - 606449062458
View all Netgear STM300 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 157 highlights
ProSecure Web/Email Security Threat Management (STM) Appliance 2. Log in again. 3. On the Authentication screen (see the previous figure), click the Logout link. WARNING! Ensure that users understand that they need to log out after completing a session in order to prevent subsequent users from inheriting access privileges that were not assigned to them. In addition to authentication through the STM's local user database, the STM supports the following external authentication methods for users logging in through the User Portal Login screen: • LDAP. A network-validated domain-based authentication method that functions with a Lightweight Directory Access Protocol (LDAP) authentication server. LDAP is a standard for querying and updating a directory. Because LDAP supports a multilevel hierarchy (for example, groups or organizational units), this information can be queried to provide specific group policies or bookmarks based on LDAP attributes. • Active Directory. A network-validated domain-based authentication method that functions with a Microsoft Active Directory authentication server. Microsoft Active Directory authentication servers support a group and user structure. Because the Active Directory supports a multilevel hierarchy (for example, groups or organizational units), this information can be queried to provide specific group policies or bookmarks based on Active Directory attributes. A Microsoft Active Directory database uses an LDAP organization schema. • RADIUS. A network-validated PAP or CHAP password-based authentication method that functions with Remote Authentication Dial In User Service (RADIUS). RADIUS supports two types of protocols: - PAP. Password Authentication Protocol (PAP) is a simple protocol in which the client sends a password in clear text. - CHAP. Challenge Handshake Authentication Protocol (CHAP) executes a three-way handshake in which the client and server trade challenge messages, each responding with a hash of the other's challenge message that is calculated using a shared secret value. When logging in through the User Portal Login screen, users need to provide their name and password, and select the domain that corresponds to the authentication method that has been assigned to them. Understanding Active Directories and LDAP Configurations This manual assumes that you already have a knowledge of Active Directories and LDAP servers. The following sections are meant to provide some additional information before you go to Creating and Deleting LDAP and Active Directory Domains on page 161. Chapter 5. Managing Users, Groups, and Authentication | 157