Specifications
Chapter 8 Authentication Services
6. The DTX Control server will try to find a server that has a trusted certificate chain. If no trusted certificate chain is
found, then the Accept Certificate window will open and list all servers that belong to the domain. It will also list the
reasons for rejection of the certificate chain.
7. Click Next to accept the certificate.
8. The Select Browsing Method window will open.
Click Browse Anonymously to browse users on the external Active Directory authentication server.
-or-
Click Browse with user credentials to browse users on the external Active Directory authentication based on
credentials configured on the server. If this option is selected, do the following:
a. Type the username for an Active Directory account that has browse rights in the User Name field. The login ID
must be entered in case sensitive text if the Active Directory server is set up to use Kerberos. When using
Kerberos, the browse account cannot be specified in the Full Pre-Windows 2000 Username form
(domain\username). If the username is in a sub-domain of the Active Directory domain (specified in step 3a), then
the username should be specified as <username>@<subdomain>.
b. Type the password for an Active Directory account that has browse rights in the Password field.
c. Click Next.
9. The Establish Connection with Authentication Service window will open briefly. If the external authentication service
is added successfully, the Completed Successful window will open.
10. Click Finish. The User Authentication Services window will open with the new service listed.
NOTE: If the authentication service has trusted forests, the settings configured for the authentication service in the Add Authentication Service
Wizard will be applied to the discovered trusted forests. However, the settings for each trusted forest can later be changed in the Authentication
Service Connection Settings window.
See User Authentication Services Window on page 73 for more information about trusted forests.
To change settings for the Active Directory external authentication service:
1. Click the Users tab.
2. Click Authentication Services in the top navigation bar. The User Authentication Services window will open.
3. Click the name of the Active Directory (AD) service. The side navigation bar will change to include the name of the
AD service at the top and, below the name, the information you may define.
4. Click Connection in the side navigation bar. The Authentication Service Connection Settings - AD window will open.
5. Type a name in the Service Name field to change the name of the service that appears in the Name column of the
User Authentication Services window.
6. Type the domain name of the Active Directory service in the AD Domain Name field.
7. In the User Container field, specify the name of the container to search for user accounts. This will limit the search
scope to that container. The name may be entered in several forms, optionally including a sub-domain. See To add an
Active Directory external authentication service: on page 58 for an explanation of the valid forms.
8. In the Group Container field, specify the name of the container to search for user groups. This will limit the search
scope to that container. The name may be entered in several forms, optionally including a sub-domain. See To add an
Active Directory external authentication service: on page 58 for an explanation of the valid forms.
9. Specify a Secure Socket Layer (SSL) Encryption mode:
• Click Do Not Use SSL to have authentication performed using unencrypted clear text instead of SSL encryption.
This method is the least secure.
724-746-5500 | blackbox.com Page 60