Manualshelf

Specifications

ManualsBrandsBarracuda Networks ManualsComputer Hardware4
51525354555657585960
Barracuda Web Filter Release 3.3
56 Chapter 4: Managing Users and Groups
Integrating with a user authentication service
You can integrate the Barracuda Web Filter with your existing authentication server to gain the
following benefits:
Web filtering policy exceptions can be applied to domain usersIf you do not integrate with your
LDAP or NTLM authentication server, you can apply filtering policy exceptions only to local users
and groups that you create in the
USERS/GROUPS tab.
Domain users can be authenticated in the Barracuda Web Filter—LDAP users are authenticated
when credentials are provided in order to proceed to a blocked or warned Web page or application.
NTLM users are authenticated by single sign-on access against the NTLM authentication service.
Authenticated domain users are known by username, client IP address, and group membership:
Usernames and client IP addresses of authenticated domain users are visible in the
Account
View
page (with the exception of NTLM users), the Log page, the Applications Log page, and in
Reports output.
Group membership information about authenticated domain users is available by opening the
Lookup facility (accessed by clicking Lookup in the
USERS/GROUPS > Exceptions page) and
using the Active Directory User/Group section of that window.
Domain users that are unauthenticated in the Barracuda Web Filter appear as anonymous
users.
Use the USERS/GROUPS > Authentication Services page to integrate the Barracuda Web Filter with
your existing authentication server:
Enabling LDAP domain user authentication....................................... 56
Enabling NTLM domain user authentication...................................... 59
Enabling LDAP domain user authentication
If your network uses a Lightweight Directory Access Protocol (LDAP) or Active Directory
authentication (AD) server, your LDAP domain users can use the LDAP or AD authentication service
to become authenticated in the Barracuda Web Filter system.
To enable LDAP user authentication
To enable LDAP domain user authentication against your LDAP or AD server, go to the
USERS/GROUPS > Authentication Services page. In the LDAP tab, provide information about
connecting to the LDAP server, binding to the LDAP server, and the encryption type.
About the optional Barracuda DC Agent software
If your LDAP directory authenticates against a domain controller running Windows Server 2003
with Service Pack 1 (SP1), you can enable the Barracuda Web Filter to recognize your LDAP domain
users whenever those users authenticate against the LDAP domain controller server. To enable the
Barracuda Web Filter to transparently track user login activity in your Windows domains, install the
Barracuda DC Agent software on each relevant LDAP domain controller server, and configure each
relevant Barracuda Web Filter to communicate with each DC agent.
Note: If this feature is not enabled (or cannot be supported by your domain controller), an LDAP
domain user surfs anonymously until providing credentials for a second time, in order to proceed past
a blocked or warned Web activity.