Troubleshooting guide
1-22
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting
Configuring Administrative Login Authentication and Authorization
g. To check the status of the registration request, click the Show Join Status button.
The status of domain join for the device (or all of the devices in the device group) is shown. It may
take a few moments for the results to be updated.
h. If the join request fails, the result is shown in the join status window. Wait a few more minutes and
try again to see the updated authentication status.
If the request succeeds, the domain registration status is shown in the Domain Join Status window.
After configuring the Windows domain settings, to complete the process of enabling Windows
authentication, you must set Windows as the authentication and authorization method for the device by
using the Authentication Methods window, as described in the “Enabling Administrative Login
Authentication and Authorization Schemes for WAAS Devices” section on page 1-26.
We recommend that you use the WAAS Central Manager GUI instead of the WAAS CLI to configure
Windows Domain server settings, but if you want to use the CLI, see the following commands in the
Cisco Wide Area Application Services Command Reference: windows-domain join and kerberos (if you
are using Kerberos as a shared secure authentication method).
Next, register the WAAS device with the Windows domain server that you configured, by using the
following command:
WAE# windows-domain join domain-name DomainName user UserName password Password
Finally, enable Windows Domain as the administrative login authentication and authorization
configuration by using the following commands:
WAE(config)# authentication login windows-domain enable primary
WAE(config)# authentication configuration windows-domain enable primary
Unregistering a WAE from a Windows Domain Controller
If you want to unregister a WAE device from a Windows domain controller, you can do that directly from
the WAAS Central Manager, as long as you have used the Kerberos shared secure authentication method.
If you have used the NTLM method, you cannot unregister the WAE by using the WAAS Central
Manager; you must log into the domain controller and remove the device registration manually.
Before you can unregister a device, you must disable windows authentication for the device.
To unregister a WAE device, follow these steps:
Step 1 From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups >
device-name).
Step 2 Choose Configure > Security > AAA > Authentication Methods. The Authentication and
Authorization Methods window appears. (See Figure 1-7 on page 1-28.)
Step 3 Under both the Authentication Login Methods and the Authorization Methods sections, change each of
the drop-down lists that are set to WINDOWS so that they are set to something different. For more
information about changing these settings, see the “Enabling Administrative Login Authentication and
Authorization Schemes for WAAS Devices” section on page 1-26.
Step 4 Click Submit to save the settings.
Step 5 Choose Configure > Security > Windows Domain > Domain Settings and click the Domain Join tab.