Troubleshooting guide
1-17
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting
Configuring Administrative Login Authentication and Authorization
Configuring Windows Domain Server Authentication Settings
A Windows domain controller can be configured to control access to the WAAS software services using
either a challenge/response or shared secret authentication method. The system administrator can log in
to the WAAS device by using an FTP, SSH, or Telnet session, the console, or the WAAS Central Manager
GUI with a single user account (username/password/privilege). RADIUS and TACACS+ authentication
schemes can be configured simultaneously with Windows domain authentication. Logging of a variety
of authentication login statistics can be configured when Windows domain authentication is enabled.
The log files and the statistical counters and related information can be cleared at any time.
In a WAAS network, Windows domain authentication is used in the following cases:
• Log in to the WAAS Central Manager GUI
• Log in to the WAE Device Manager GUI
• CLI configuration on any WAAS device
You can configure Windows authentication for the WAAS Central Manager device, a single WAAS
device, or a group of devices. To configure Windows domain authentication on a WAAS device, you
must configure a set of Windows domain authentication settings.
Note Windows domain authentication is not performed unless a Windows domain server is configured on the
WAAS device. If the device is not successfully registered, authentication and authorization do not occur.
WAAS supports authentication by a Windows domain controller running only on Windows Server 2000,
Windows Server 2003, or Windows Server 2008.
If you are using NTLM authentication, the Windows domain server must be installed with the option to
support pre-Windows 2000 operating systems. (On the installation Permissions screen of the Windows
server dcpromo wizard, select “Permissions compatible with pre-Windows 2000 server operating
systems.”)
This section contains the following topics:
• Configuring Windows Domain Server Settings on a WAAS Device, page 1-17
• Unregistering a WAE from a Windows Domain Controller, page 1-22
Configuring Windows Domain Server Settings on a WAAS Device
You will need to know the name and IP address, or hostname, of the Windows domain controller that
will be used for authentication.
Note If the Central Manager is version 4.2.3a or later and you want to configure the Windows domain settings
on a WAAS device that is running version 4.2.3 or 4.2.1, you cannot use the Windows Domain Server
Settings page on the Central Manager. You must use the windows-domain diagnostics net CLI
command as described following the procedure below.
To configure Windows Domain server settings on a WAAS device or device group, follow these steps:
Step 1 From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups >
device-group-name).
Step 2 Choose Configure > Security > AAA > Windows User Authentication. The Windows User
Authentication window appears. (See Figure 1-4.)