Troubleshooting guide

Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting
Configuring Administrative Login Authentication and Authorization
scripts might fail. Install the Certification Authority service on the Microsoft server with the server’s
certificate (Programs > Administrative Tools > Certification Authority). Enable the LDAP server
signing requirements property on the Microsoft server (Start > Programs > Administrative Tools >
Domain Controller Security Policy). In the displayed window, choose Require signing from the
drop-down list, and click OK.
For information about how to configure your Windows domain controller to require an LDAP signature,
see your Microsoft documentation.
This section contains the following topics:
• Configuring LDAP Signing on the Client WAEs
• Disabling LDAP Server Signing on a Client WAE
Configuring LDAP Signing on the Client WAEs
You can configure a security setting on Windows 2003 domain controllers to require clients (such as
WAEs) to sign LDAP requests. Because unsigned network traffic can be intercepted and manipulated by
outside parties, some organizations require LDAP server signing to prevent man-in-the-middle attacks
on their LDAP servers. LDAP signing must be configured on each WAE individually; it cannot be
configured at a system level. In addition, you must configure LDAP signing on a WAE through the
WAAS CLI; you cannot configure it through either of the WAAS GUIs (the WAAS Central Manager GUI
or the WAE Device Manager GUI).
By default, LDAP server signing is disabled on a WAE. To enable this feature on a WAE, follow these
steps:
Step 1 Enable LDAP server signing on the WAE:
WAE# configure
WAE(config)# smb-conf section "global" name "ldap ssl" value "yes"
Step 2 Save the configuration on the WAE:
WAE(config)# exit
WAE# copy run start
Step 3 Check the current running LDAP client configuration on the WAE:
WAE# show smb-conf
Step 4 Register the WAE with the Windows domain:
WAE# windows-domain diagnostics net "ads join -U username%password"
Step 5 Enable user login authentication on the WAE:
WAE# configure
WAE(config)# authentication login windows-domain enable primary
Step 6 Enable user login authorization on the WAE:
WAE(config)# authentication configuration windows-domain enable primary
Step 7 Check the current configuration for login authentication and authorization on the WAE:
WAE# show authentication user
Login Authentication: Console/Telnet/Ftp/SSH Session
----------------------------- ------------------------------
local enabled (secondary)
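
The following check is an added example, not part of the Cisco guide: it reads saved output of show smb-conf (Step 3) and show authentication user (Step 7) and reports whether LDAP signing and Windows-domain login are in the state this procedure sets. The smb.conf-style layout assumed for show smb-conf output and the "Windows domain" row are assumptions, and both sample texts are constructed.

```python
import re

# Constructed sample of saved `show smb-conf` output; the smb.conf-style
# "[section]" / "name = value" layout is an assumption, not taken from the guide.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    ldap ssl = yes
"""

# Constructed sample of `show authentication user` output; only the header and
# the "local" row appear in the guide, the "Windows domain" row is assumed.
SAMPLE_AUTH = """\
Login Authentication:         Console/Telnet/Ftp/SSH Session
----------------------------- ------------------------------
local                         enabled (secondary)
Windows domain                enabled (primary)
"""

def smb_global_settings(text):
    """Return {name: value} for [global]; names lowercased, whitespace collapsed."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            name, value = line.split("=", 1)
            settings[" ".join(name.lower().split())] = value.strip()
    return settings

def auth_methods(text):
    """Return {method: (state, priority)} from the authentication table."""
    rows = {}
    for line in text.splitlines():
        m = re.fullmatch(r"(\S.*?)\s{2,}(enabled|disabled)(?:\s+\((\w+)\))?\s*", line)
        if m:
            rows[m.group(1).lower()] = (m.group(2), m.group(3))
    return rows

def audit(smb_text, auth_text):
    """List findings; an empty list means both checks passed."""
    findings = []
    if smb_global_settings(smb_text).get("ldap ssl", "").lower() != "yes":
        findings.append("ldap ssl is not set to yes in [global]")
    if auth_methods(auth_text).get("windows domain") != ("enabled", "primary"):
        findings.append("windows-domain login is not enabled as primary")
    return findings
```

A missing "ldap ssl" entry is reported as a finding, which matches the default stated above (LDAP server signing disabled).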