User's guide
Barracuda DC Agent
The Barracuda DC Agent runs on either the domain controller or a dedicated Windows PC on the office network. To record authenticated users, it
periodically checks the domain controller for login events. The IP addresses of authenticated users are mapped to their username and group
context. The list of authenticated users is provided to the Barracuda Firewall, allowing true single sign-on capabilities. For more information about
the Barracuda DC Agent, see Barracuda DC Agent for User Authentication. You can download the Barracuda DC Agent from your Barracuda
Cloud Control Account.
DC Agent Settings
If your domain controller runs Windows Server 2003 with Service Pack 2 (SP2) or Windows Server 2008, you can install the Barracuda DC Agent
on it to monitor user authentications. Then you can configure the Barracuda Firewall to query the Barracuda DC Agent so that it can recognize
your authenticated users and provide single sign-on.
The Barracuda DC Agent enables the Barracuda Firewall to transparently track user login activity in your Windows domains. You must configure
the following software components:
Domain controller audit policies – Configure local audit policies to generate an account logon event whenever a domain user account
is authenticated on the domain controller.
Barracuda DC Agent – Install and configure the DC Agent on each domain controller. Specify which Barracuda Firewalls the
DC Agent must communicate with. Each instance of this service maintains a record of all the users that have been authenticated by the
domain controller. You only need to create one authentication service per domain controller.
Barracuda Firewall – Enable single sign-on for your authenticated LDAP domain users, and specify the domain controllers where the
Barracuda DC Agent is installed. The Barracuda Firewall periodically polls each domain controller to obtain information about
authenticated LDAP users.
Install the Barracuda DC Agent
As admin, install, configure, and test the Barracuda DC Agent on your domain controllers or dedicated Windows PC. Follow the
instructions in How to Get and Configure the Barracuda DC Agent. Configuration instructions are also provided in the Barracuda DC
Agent administrative interface.
When you configure the DC Agent, you can also configure the domain controller to audit user logon and logoff activity and to generate an
account logon event whenever a user is authenticated.
Go to the USERS > External Authentication page and configure the Barracuda Firewall to communicate with the DC Agent.
Click the DC Agent tab.
Set Enable Single Sign-On to Yes.
Specify the following information about each DC Agent and then click Add:
Domain Controller IP – The IP address of the domain controller running the DC Agent. The Barracuda Firewall polls
the DC Agent to obtain the list of users authenticated against this domain controller.
DC Agent Listening Port – The port used by the DC Agent to communicate with the Barracuda Firewall. The default
port number is 5049.
Synchronization Interval – The interval (in seconds) in which the Barracuda Firewall polls the DC Agent for the list of
authenticated users. The recommended value is 15 seconds.
(Optional) Exempt specific LDAP domain users.
In the Exempt User Name field, enter the account username. You can use Perl-compatible regular expression (PCRE)
pattern-matching notation to specify the account username (such as \w for any alphanumeric character or \W for any
non-alphanumeric character).
Click Add.
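The following is an added example, not part of the Barracuda documentation: a Python check of candidate Exempt User Name patterns against a constructed account list before they are entered. It relies only on the \w and \W constructs that Python's re module shares with PCRE. Whether the firewall matches the whole username or any part of it is not stated in this guide, so both interpretations are evaluated; the function names and sample accounts are assumptions.

```python
import re

# Constructed sample directory accounts (not taken from the Barracuda guide).
SAMPLE_USERS = ["svc_backup", "svc-scan", "admin", "sysadmin", "j.doe", "admin2"]


def exempted(pattern, users, anchored):
    """Return the users a pattern would exempt.

    anchored=True  -> the whole username must match (re.fullmatch)
    anchored=False -> a match anywhere in the username counts (re.search)
    Which of the two the firewall applies is an open assumption, so callers
    can evaluate both.
    """
    rx = re.compile(pattern)
    match = rx.fullmatch if anchored else rx.search
    return [u for u in users if match(u)]


def review(pattern, users=SAMPLE_USERS):
    """Compare both interpretations and list accounts caught only when unanchored."""
    strict = exempted(pattern, users, anchored=True)
    loose = exempted(pattern, users, anchored=False)
    return {
        "pattern": pattern,
        "anchored": strict,
        "unanchored": loose,
        # Accounts exempted only if the pattern is treated as a substring match.
        "only_if_unanchored": [u for u in loose if u not in strict],
    }


if __name__ == "__main__":
    # \w also matches "_" (so svc\w+ covers svc_backup); \W matches "-" but not "_".
    for p in (r"admin", r"^admin$", r"svc\w+", r"svc\W\w+"):
        print(review(p))
```

A non-empty only_if_unanchored list means the pattern should carry explicit ^ and $ anchors so that the exemption covers only the intended accounts under either interpretation.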
Active Directory
Microsoft Active Directory (MSAD) is a directory service that allows authentication and authorization of users in a network. It has been included
with all Windows Server operating systems since Windows 2000 Server. MSAD is used for single sign-on for many services. Permissions are
managed by group. Users inherit the permissions of all the groups that they are members of. Backward-compatibility for older services is provided
by NTLM/MS-CHAP options that you can activate and configure on the MSAD server. All information is kept in a single directory information tree.
Do not install the Barracuda DC Agent on your NTLM domain controller.