Setup and Install

Table 3-10 Authentication tab – Microsoft Windows (continued)

Callout Component Description

2 Windows Sign in

Setup (Kerberos

and NTLM)

Click Add to add domains to the Trusted Domains list. ClickRemove to

remove domains from the list. Select the Default Windows Domain from the

drop-down menu.

Use the following fields to set up the sign-in method.

● Match the name entered with this attribute

●

Retrieve the user's e-mail address using this attribute

3 Test Windows

Type information into the following fields, and then click Test to test the

Microsoft Windows sign-in setup.

●

Domain

●

Username

●

Password

DSS Windows authentication uses Microsoft Active Directory, a special-purpose database that

contains information about objects, including users, that are contained within the domain. The Active

Directory database resides on domain controllers and is automatically replicated across all domain

controllers in the domain. Active Directory provides an LDAP interface to the data in the directory

database.

As shown in

Figure 3-17 Windows Active Directory authentication on page 72, the following steps

occur during Windows authentication:

1. The user types his or her username and password at the device. This information is securely

transmitted to the DSS server.

2. The DSS program authenticates to the domain through the Windows API to validate the user’s

credentials.

3. If the user’s credentials are correct, the Domain Controller returns either the security identifier

(SID) or the BSID (Binary SID).

4. Using the LDAP interface, DSS queries the LDAP directory for the authenticated user’s e-mail

address.

5. The LDAP directory returns the authenticated user’s e-mail address.

6. DSS inserts the authenticated user’s e-mail address in the From: text box of the e-mail and

prohibits the user from changing the field.

ENWW

Configuration