Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

321

322

323

324

325

326

327

328

329

330

1-13

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Using the WAE Device Manager GUI

Managing a Cisco WAE

Step 7 Check the Windows authentication for WAFS Management login check box to use Windows Domain

to authenticate Telnet, FTP, console, SSH, and user interface (WAAS Central Manager GUI and WAE

Device Manager) logins to CIFS (WAFS).

When you add users through the WAAS Central Manager GUI, you are given the option to configure

users as local users who have their login password stored on the WAE. Local users are authenticated by

the WAE, but nonlocal users are commonly verified using Windows Domain authentication.

Step 8 If you are using Kerberos authentication, check the Kerberos enabled check box and then specify the

following information:

• The fully qualified name of the Kerberos realm. All Windows 2000 domains are also Kerberos

realms, but the realm name is always the all uppercase version of the domain name.

• The fully qualified name or IP address of the Key Distribution Center. You can also specify a port

using the following format: ip address or name:port number. For example, 10.10.10.2:88.

• The organizational unit.

You can only enable Kerberos authentication if at least one of the boxes described in Step 7 is checked.

After you enable Kerberos, make sure that the clock on your WAE is within 5 minutes of the clock on

your domain controller. Otherwise, your domain controller will refuse to use Kerberos for

authentication.

If you are using a Windows 2000 (with SP4) or Windows 2003 (with SP1) domain controller, you should

enable Kerberos authentication.

Step 9 If your domain controller has been configured to require LDAP server signing, you need to use the

WAAS CLI to enable LDAP server signing on the WAE by using the smb-conf section "global" name

"ldap ssl" value "yes" global configuration command. For information on using the smb-conf

command, see the Cisco Wide Area Application Services Command Reference.

Step 10 Check the Register WAE with Domain Controller check box.

Note You need to register the WAE with the domain controller whenever you enable or disable

Kerberos, enable Windows authentication, or change the NetBios name, workgroup, or Kerberos

realm.

A series of fields display under the check box. Enter the following information in these fields:

• Domain controller (enter the name, not the IP address).

You can only enter the NetBios name of the domain controller when Kerberos is disabled. If

Kerberos is enabled, you can enter the fully qualified domain name of the domain controller.

• Domain administrator username (enter the username, domain\username, or domain+username).

• Domain administrator password.

Step 11 Click Save.

The Windows Authentication settings are saved, and the WAE is registered with the domain controller.

Step 12 Verify if Windows Authentication is working correctly. See the “Checking the Status of Windows

Authentication” section on page 1-13.

Checking the Status of Windows Authentication

After you enable Windows Authentication, you can check the status of Windows Authentication and

view the results of built-in tests that can help you resolve authentication issues.