Troubleshooting guide
1-10
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Using the WAE Device Manager GUI
Managing a Cisco WAE
• Time Zone
Configuring Windows Authentication
The WAAS Central Manager GUI and the WAE Device Manager use Pluggable Authentication Modules
(PAM) for user login authentication. Administrative users defined in the WAAS Central Manager GUI
are distributed to the WAE Device Managers. Administrative user authentication is performed only upon
login to the WAAS Central Manager GUI or the WAE Device Manager. Each WAE has a default GUI
and CLI user with the username admin and password default. This user account cannot be deleted, but
the password can be changed.
Note In situations where the CLI user account information conflicts with the management GUI configuration,
the management GUI configuration will overwrite any conflicting CLI user account information at the
time of configuration distribution. A warning is displayed to CLI users after configuring CLI user
account settings to inform users of this behavior.
This section contains the following topics:
• Understanding Login Authentication and Authorization Through the Local Database, page 1-10
• Supported Authentication Methods, page 1-10
• LDAP Server Signing, page 1-11
• Setting Up Windows Authentication, page 1-11
• Checking the Status of Windows Authentication, page 1-13
Understanding Login Authentication and Authorization Through the Local Database
Local user authentication and authorization use locally configured usernames and passwords to
authenticate administrative user login attempts. The login and passwords are local to each WAE.
By default, local user login authentication is enabled as the primary authentication method. You can
disable local user login authentication only after enabling one or more of the other administrative login
authentication methods. However, when local user login authentication is disabled, and you disable all
other administrative login authentication methods, local user login authentication is reenabled
automatically.
Windows Domain authentication is another user login authentication method. You can use the console,
Telnet, FTP, SSH, or HTTP (WAAS Central Manager and WAE Device Manager interfaces) to
authenticate Windows Domain users.
Supported Authentication Methods
When you enable Windows authentication on your WAE, you can configure additional settings that make
the authentication process of your users, WAE, and services more secure when they register with the
domain controller.
CIFS supports the following Windows authentication methods on the WAE:
• NTLMv2 authentication—A Windows authentication protocol that is built into most Windows
operating systems.
• Kerberos—A Windows authentication protocol that uses secret-key cryptography and is built into
Windows 2003 Server.