Installation guide

2.9 Mapping of user accounts and groups from the Active Directory
13
SSL-VPN interface is used for secured remote connections to shared files in local networks by
a web browser.
For proper functionality of web services, an SSL certificate is required that proves the server’s
identity. To create certificates for web interfaces, go to Configuration Advanced Options,
to the Web Interface or the SSL-VPN tab. In advanced settings of individual interfaces, select
Change SSL certificate and Create certificate.
The server name for which the certificate will be issued should be identical with the server
name including domain in our example, name server.company.com is used. For access
to Kerio Control interfaces from the Internet, a record for this name must exist also in public
DNS.
Hint:
It is recommended to replace the created SSL certificates by an SSL certificate issued by
a public certification authority (one certificate can be used both for the web interface and
the Clientless SSL-VPN interface — there is no need to pay for two certificates).
2.9 Mapping of user accounts and groups from the Active Directory
To enable disposal of Active Directory user accounts, set mapping of a corresponding domain
and define a template that will apply specific Kerio Control parameters (user rights, data
transfer quotas, etc.) to all users.
Domain mapping
To set Active Directory domain mapping, go to the Active Directory tab under User and
Groups Users. The firewall must belong to the corresponding domain. For mapping of
user accounts, enter name and password of a user with rights to read the Active Directory
database (any user belonging to the domain).
Creating templates for user accounts
On the User Accounts tab, select the mapped Active Directory domain, i.e. company.com. If
mapping is set correctly, all user accounts included in the domain will be displayed here.
Click on the Template button to define a template for user accounts. It is also intended to
enable remote users to access the local network by Kerio VPN Client or Kerio Clientless SSL-
VPN. Set user rights on the Rights tab.
Hint:
In case you do not want to use any of the domain accounts, you can block them in Kerio
Control and hide blocked accounts. The accounts will be blocked only in Kerio Control, they
will stay active in the domain.