Manualshelf

Specifications

ManualsBrandsBarracuda Networks ManualsComputer equipmentSSL VPN
21222324252627282930
26
Controller. Hostnames can also be specified with a port number if different from the Domain
Controller Port parameter.
Service!Account!Authentication !!
The!standard!A ctive!Directory!database!uses!GSS‐API!authentication!for!the!service!account.!It!is!
unable!to!authenticate!credentia l s!containing!non‐English!chara cters.!The!service!account!does!
not!need!to!be!fully!qualified.
Domain: The domain the controllers are on for example, example.barracuda.com.
Service Account Username: The service account details needed to use authenticate Active
Directory users. You should configure a standard user account in Active Directory solely for
the use of the Barracuda SSL VPN to query the directory.
Service Account Password: The password to use for the service account.
Service!Account!
It!is!recommended!that!a!specifi c!AD!user!account!be!created!fo r!the!Service!Ac count!only.!!This!
is!required!to!s upport!some!of!the!other!authenti cation!methods!a vailable!in!the!pr oduct.!!
The next tab OU Filter is an optional tab but allows specific organizational units to be added or
removed.
Include Organizational Unit Filter: Add any OUs that should be used when listing accounts
and roles. Only the accounts residing in the OUs you specify will be shown. For further
details refer to the section titled, Organizational Unit Filter.
Exclude Organizational Unit Filter: Add any OUs that should not be used in the listing of
accounts and roles.
Include Built-in groups: This will include the default ‘Built-in’ group base CN=Builtin
built from the domain name to the filter list.
Include distribution groups: This will include the default ‘Distribution’ group base
CN=Distribution built from the domain name to the filter list.
Include standard Users and groups: This will include the default ‘User’ base CN=Users
built from the domain name to the filter list. All users and groups under this will be added.
The final tab, Options, allows an advanced user the ability to fine tune access to the Active Directory
database.
Service Authentication Type: Which authentication method to use for server account
authentication. GSS-API type is unable to process credentials which contain non-English
characters but allows for the service account to be defined without full qualification. Simple
authentication however is able to authenticate using non-standard character sets.
User Authentication Type: Which authentication method to use for user account
authentication.
Authentication Timeout: How long the system should wait while authenticating
Authentication Maximum Retries: How many times to retry to authenticate.
Connection timeout: Generic connection timeout for active directory sessions
Cache Objects In Memory: The system can cache user objects either to file or memory. If
the user population is extremely large in-memory caching can be prone to running out of
memory when loading objects.
Max Group Cache Objects: The maximum number of group objects stored in cache.