Netgear STM300 STM 150-300-600 Reference Manual (PDF) - Page 164
Editing LDAP and Active Directory Domains, Understanding the ProSecure DC Agent
UPC - 606449062458
ProSecure Web/Email Security Threat Management (STM) Appliance

Editing LDAP and Active Directory Domains

To edit an LDAP or Active Directory domain:

1. Select User Management > Authentication from the menu. The authentication submenu tabs display with the LDAP screen in view (see Figure 94 on page 161).
2. In the Action column of the List of LDAP table, click the Edit table button for the domain and server that you want to edit. The Edit LDAP screen displays. This screen contains the same fields as the LDAP screen (see Figure 94 on page 161).
3. Modify the fields and make your selections from the drop-down list as explained in Table 47 on page 162.
4. Click Test to verify that the LDAP server can actually function with the LDAP settings that you have modified. The automated test procedure checks the connection to the LDAP server, the bind DN, and the bind password. If any settings require changes, you are notified at the end of the automated test procedure.
5. Click Apply to save your settings.

Understanding the ProSecure DC Agent

If you set up an open network, you would want to allow unauthenticated users to surf anonymously. For a secure network, you would use a more restrictive access policy for unauthenticated users and a less restricted access policy for authenticated users.

Without the use of the DC agent, any LDAP domain user surfs anonymously until providing credentials to the STM in order to proceed past a blocked Web activity. With use of the DC agent, LDAP domain users are immediately known to the STM when they are authenticated on a DC server on which the DC agent is installed.

If the LDAP directory authenticates through a domain controller (DC) server that runs Windows Server 2003 with Service Pack 1 (SP1) or Windows Server 2008, you can use the ProSecure DC Agent software to authenticate LDAP domain users.
The DC agent monitors all Windows login events (that is, all LDAP domain user authentications) on the DC server, and provides a mapping of Windows user names and IP addresses to the STM, enabling the STM to transparently apply user policies. The DC agent transfers encrypted names, IP addresses, groups, and login times of the logged-in users to the STM, where this information remains securely stored (that is, it is not transferred out of the STM).

164 | Chapter 5. Managing Users, Groups, and Authentication