Active Directory Authentication

Configuring AccessPoint with Microsoft Active Directory



This section provides instructions and useful information for configuring Menlo Logic AccessPoint with Microsoft® Active Directory® authentication.

Microsoft introduced Active Directory directory services with Windows 2000 Server. Active Directory combines Lightweight Directory Access Protocol (LDAP), a standard used to identify or locate users, groups, and network resources, with Kerberos, a network authentication protocol. For information about Active Directory, see the Microsoft Active Directory Overview.

Active Directory Authentication Instructions

See the AccessPoint configuration guide for more detailed instructions.
  1. Click Access, then click Domains to view the Authentication Domains page.
  2. Click Add Domain.
  3. Select "Active Directory" from the Authentication Type menu.
  4. Enter a descriptive name for the domain in the AccessPoint Domain Name field.
  5. Enter the Active Directory server name or IP address in the Server Address field.
  6. Enter the name of the Active Directory Domain in the Active Directory Domain field.
  7. Click Submit to submit the changes.
If, after following these instructions, you are not able to authenticate to the Active Directory server, confirm the following:
  • The time settings of the Active Directory server and the SSL VPN gateway are synchronized. Active Directory uses Kerberos authentication, and Kerberos allows a maximum time difference of 15 minutes between the client and the server. The easiest way to synchronize the time is to enable NTP (Network Time Protocol). NTP configuration instructions are provided below. Time settings are the most common reason for Active Directory authentication failures.
  • Confirm that the Active Directory service has been successfully installed on the Windows 2000 or 2003 server.
  • Verify that the Active Directory Domain configured in AccessPoint is defined in Active Directory Domains and Trusts on the Windows server.
  • The Active Directory user that is used to log in should be a member of the Active Directory Domain on the Windows server.
  • The Active Directory user should have sufficient privileges for remote authentication.
  • When logging into the SSL VPN portal as a user, confirm that you are selecting the Active Directory authentication domain from the Domain menu.
  • Check that the AccessPoint gateway can contact the Windows server. If any services, such as Network File Sharing, FTP, Web, Telnet or Terminal Services, are enabled on the Windows server, then try to access these services from the SSL VPN portal. If the Windows server is not reachable, then verify network settings.
  • Review the Windows Active Directory log file for error messages.
NTP Configuration for Time Synchronization
  1. To configure the AccessPoint NTP settings, click General, then click Date in the administrative interface.
  2. Select the correct time zone from the Select Your Time Zone menu.
  3. Check the Automatically synchronize with an NTP server checkbox.
  4. Enter the NTP update time period in seconds in the Update Interval field. The default period is 64 seconds.
  5. Enter the name of one or more NTP servers in the NTP Server Address fields.* Available NTP servers include:
    • time.windows.com
    • time.nist.gov
    • clock.isc.org
    • timekeeper.isi.edu
    • tick.usno.navy.mil
    • tock.usno.navy.mil
  6. Click Submit to update your settings.
* Only standards-compliant NTP servers are supported. The Microsoft Windows server NTP implementation may require NTLM client authentication and is therefore not recommended.

©2005 Menlo Logic