Specifications
Chapter 8 Authentication Services
A Partial Pre-Windows 2000 username is specified as username.
This option may only be configured for new authentication servers; it cannot be modified. Existing
authentication servers are set to the Partial Windows 2000 Username type for compatibility.
e. Specify a Secure Socket Layer (SSL) encryption mode:
• Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption. This method is the least secure.
• Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All server certificates will be trusted and automatically accepted by the DTX 5000-CTL Management Appliance for transmitting data. This SSL method provides medium security.
This encryption mode is not recommended for wide area networks (WANs).
• Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data transmission. The DTX 5000-CTL Management Appliance will approve the server and then the certificate before transmitting data. This SSL method provides maximum security.
f. Click Use Kerberos for User Authentication to use the Kerberos protocol for authentication requests, including browsing. If enabled, you must use DES encryption types for this account. If an account was created prior to Active Directory, the user's password must be changed after this setting is changed. In addition, the Active Directory server addresses must be resolvable to their host names via DNS.
When this option is not checked, the LDAP protocol is used.
g. Click Enable Chasing of Referrals to allow the Active Directory server to refer DTX Control clients to additional
directory servers.
h. Specify the search mode:
Enable Use Recursion to search groups if you wish to have the AD service access the domain controller for the specified domain name. This search includes the "Member" attribute of ObjectClass=group. This search is recursive and finds nested groups. This search may be slow, depending on the number of groups and levels of nesting.
-or-
Enable Use an Active Directory Global Catalog to have the AD service access the global catalog for the specified domain name. The search includes the "TokenGroups" attribute of ObjectClass=user. This search is faster but only retrieves the SIDs of the nested groups; subsequent calls must be made to find the group name for each SID.
-or-
Enable Use Windows 2003 Universal Group Caching if you wish to have the AD service access the domain controller for the specified domain name. The search includes the "TokenGroups" attribute of ObjectClass=user. This search is faster but only retrieves the SIDs of the nested groups; subsequent calls must be made to find the group name for each SID. The Windows 2003 Universal Group Caching feature must be enabled in the Windows 2003 AD server.
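The difference between the recursive "Member" search and the "TokenGroups" lookup in step h, shown as an added example that is not code from the manual or the appliance: it runs both strategies over a small constructed in-memory directory (all DNs and SIDs are made up) and shows why the recursive mode costs one search per nesting level and must guard against circular group nesting, while the tokenGroups mode costs one read plus one name lookup per SID.

```python
# Added example, not code from the DTX manual or its vendor: the two
# nested-group lookups behind the search-mode options, run over a small
# constructed in-memory directory (all DNs and SIDs below are made up).

SID = "S-1-5-21-1111-2222-3333-"  # constructed domain SID prefix

DIRECTORY = {
    # A user; 'tokenGroups' is constructed to hold every nested group SID,
    # which is what the global catalog returns for the user object.
    "CN=alice,OU=Users,DC=example,DC=com": {
        "objectClass": "user", "objectSid": SID + "1001",
        "tokenGroups": [SID + "2001", SID + "2002", SID + "2003"]},
    "CN=Helpdesk,OU=Groups,DC=example,DC=com": {
        "objectClass": "group", "objectSid": SID + "2001",
        "member": ["CN=alice,OU=Users,DC=example,DC=com"]},
    "CN=IT-Staff,OU=Groups,DC=example,DC=com": {
        "objectClass": "group", "objectSid": SID + "2002",
        "member": ["CN=Helpdesk,OU=Groups,DC=example,DC=com",
                   "CN=All-Employees,OU=Groups,DC=example,DC=com"]},
    # Circular nesting: All-Employees contains IT-Staff, which contains it.
    "CN=All-Employees,OU=Groups,DC=example,DC=com": {
        "objectClass": "group", "objectSid": SID + "2003",
        "member": ["CN=IT-Staff,OU=Groups,DC=example,DC=com"]},
}

def groups_via_member(directory, dn):
    """'Use Recursion to search groups': query ObjectClass=group entries
    whose 'member' attribute holds the DN, then repeat for each group found.
    Returns (sorted group DNs, number of searches issued). The 'seen' list
    stops circular nesting from looping forever."""
    seen, pending, searches = [], [dn], 0
    while pending:
        target = pending.pop()
        searches += 1                     # one LDAP search per level
        for gdn, e in directory.items():
            if e["objectClass"] == "group" and target in e.get("member", []):
                if gdn not in seen:
                    seen.append(gdn)
                    pending.append(gdn)
    return sorted(seen), searches

def groups_via_token_groups(directory, dn):
    """Global catalog / universal group caching modes: one read of the
    user's 'tokenGroups' yields only SIDs; each SID then needs a further
    lookup to recover the group name. Returns (sorted group DNs, lookups)."""
    sids = directory[dn]["tokenGroups"]
    by_sid = {e["objectSid"]: gdn for gdn, e in directory.items()
              if e["objectClass"] == "group"}
    return sorted(by_sid[s] for s in sids), len(sids)
```

Both strategies resolve the same three groups for the constructed user; the recursive search issues four searches (one per nesting level, including the last one that finds nothing new), while the tokenGroups path needs one read and three name lookups.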
i. Click Allow users and groups from newly discovered trusted forests to allow logins by users that belong to the
authentication service forest or its discovered trusted forests. If enabled, the DTX 5000-CTL Management
Appliance will discover all trusted forests in the Active Directory service.
j. Click Next.
If you selected Use SSL in Certificate-based Trust Mode, go to step 6.
If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 8.
Page 59 724-746-5500 | blackbox.com