Specifications

Chapter 8 Authentication Services
Click Use SSL in Trust All Mode to use SSL encryption for data transmission. All server certificates will be
trusted and automatically accepted by the DTX Control system for transmitting data. Because no certificate is
checked, the connection is encrypted but the server's identity is not verified. This SSL method provides
medium security.
This encryption mode is not recommended for wide area networks (WANs).
Click Use SSL in Certificate-based Trust Mode to use SSL encryption for data transmission. The
DTX 5000-CTL Management Appliance will approve the server and then the certificate before transmitting data.
This SSL method provides maximum security.
10. Click Use Kerberos for User Authentication to use the Kerberos protocol for authentication requests, including
browsing. If enabled, you must use DES encryption types for this account. Note that DES encryption types are
deprecated for Kerberos (RFC 6649) and are disabled by default on current Windows versions. If an account was
created prior to Active Directory, the user’s password must be changed after this setting is changed. In addition,
the Active Directory server addresses must be resolvable to their host names via DNS.
When this option is not checked, the LDAP protocol will be used.
11. Click Enable Chasing of Referrals to allow the Active Directory server to refer DTX Control clients to additional
directory servers.
12. Specify the search mode:
Enable Use Recursion to search groups if you wish to have the AD service access the domain controller for the
specified domain name. This search includes the "Member" attribute of ObjectClass=group. This search is
recursive and finds nested groups. This search may be slow, depending on the number of groups and levels of
nesting.
-or-
Enable Use an Active Directory Global Catalog to have the AD service access the global catalog for the
specified domain name. The search includes the "TokenGroups" attribute of the ObjectClass=user. This search
is faster but only retrieves the nested groups' SIDs; subsequent calls must be made to find the group name and
specific SIDs.
-or-
Enable Use Windows 2003 Universal Group Caching if you wish to have the AD service access the domain
controller for the specified domain name. The search includes the "TokenGroups" attribute of the
ObjectClass=user. This search is faster but only retrieves the nested groups' SIDs; subsequent calls must be
made to find the group name and specific SIDs. The Windows 2003 Universal Group Caching feature must be
enabled in the Windows 2003 AD server.
13. Click Allow use of Users/Groups from Trusted Forests to allow logins by users belonging to a forest that are assigned
to groups in a different forest. If enabled, the DTX 5000-CTL Management Appliance will query all trusted forests in
the Active Directory service to find the user and user groups to which the authenticated user belongs.
If you deselect Allow use of Users/Groups from Trusted Forests, any previously discovered trusted forests will
be hidden from the User Authentication Services window and users belonging to trusted forests will not be
permitted to log in.
14. Click Save to save your changes.
If you selected Use SSL in Certificate-based Trust Mode, the Certificates heading will appear in the side
navigation bar. Go to step 13.
If you selected Do Not Use SSL or Use SSL in Trust All Mode, go to step 16.
15. Click Certificates. The Authentication Service Certificate Management - AD window opens and lists all servers in
that domain. A status of Trusted indicates the certificate is trusted, based on the certificate policy; Untrusted
indicates the certificate cannot be trusted.
16. To register certificates:
Page 61 724-746-5500 | blackbox.com
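
The Use Recursion and TokenGroups search modes from step 12, as an added Python example that is not part of the manual or of the appliance's own code. It runs against a small constructed directory (the example.test DNs, the SIDs and the GROUPS and TOKEN_GROUPS tables are assumptions) and shows the recursive "Member" walk surviving groups that are nested in a loop, and the extra SID-to-name lookups the TokenGroups modes need.

```python
# Constructed sample data, not taken from the manual or from any real directory.
BASE = "DC=example,DC=test"

def dn(cn):
    return f"CN={cn},{BASE}"

# objectClass=group entries: objectSid plus the "member" attribute (direct members only).
GROUPS = {
    dn("KVM-Admins"): {"sid": "S-1-5-21-1-2-3-1101", "member": [dn("Ops")]},
    # Ops and KVM-Admins contain each other: a nesting loop the walk must survive.
    dn("Ops"): {"sid": "S-1-5-21-1-2-3-1102",
                "member": [dn("NightShift"), dn("KVM-Admins")]},
    dn("NightShift"): {"sid": "S-1-5-21-1-2-3-1103", "member": [dn("alice")]},
    dn("Guests"): {"sid": "S-1-5-21-1-2-3-1104", "member": [dn("bob")]},
}
# Assumed server answer for each user's "TokenGroups" attribute: nested group SIDs only.
TOKEN_GROUPS = {
    dn("alice"): ["S-1-5-21-1-2-3-1103", "S-1-5-21-1-2-3-1102", "S-1-5-21-1-2-3-1101"],
    dn("bob"): ["S-1-5-21-1-2-3-1104"],
}

def groups_by_recursion(user_dn):
    """Recursion mode: follow "member" upward, one search per DN visited."""
    found, pending, searches = set(), [user_dn], 0
    while pending:
        current = pending.pop()
        searches += 1  # stands in for (&(objectClass=group)(member=<current>))
        for group_dn, attrs in GROUPS.items():
            if current in attrs["member"] and group_dn not in found:
                found.add(group_dn)  # the "not in found" test breaks nesting loops
                pending.append(group_dn)
    return found, searches

def groups_by_token_groups(user_dn):
    """TokenGroups mode: one read returns the SIDs, then one lookup per SID for the name."""
    sid_to_dn = {attrs["sid"]: group_dn for group_dn, attrs in GROUPS.items()}
    sids = TOKEN_GROUPS.get(user_dn, [])
    return {sid_to_dn[sid] for sid in sids}, 1 + len(sids)

if __name__ == "__main__":
    for user in (dn("alice"), dn("bob")):
        by_member, searches = groups_by_recursion(user)
        by_token, lookups = groups_by_token_groups(user)
        print(user, sorted(by_member), searches, sorted(by_token), lookups)
```

Both functions must agree on the resulting group set, since that set is what an authorization decision is based on.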