User's Manual
Table Of Contents
- ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
- Contents
- About This Manual
- Chapter 1 Introduction
- Chapter 2 Using the Setup Wizard to Provision the STM in Your Network
- Choosing a Deployment Scenario
- Understanding the Steps for Initial Connection
- Logging In to the STM
- Using the Setup Wizard to Perform the Initial Configuration
- Setup Wizard Step 1 of 10: Introduction
- Setup Wizard Step 2 of 11: Networking Settings
- Setup Wizard Step 3 of 11: Time Zone
- Setup Wizard Step 4 of 11: Email Security
- Setup Wizard Step 5 of 11: Web Security
- Setup Wizard Step 6 of 11: Email Notification Server Settings
- Setup Wizard Step 7 of 11: Update Settings
- Setup Wizard Step 8 of 11: HTTP Proxy Settings
- Setup Wizard Step 9 of 11: Web Categories
- Setup Wizard Step 10 of 11: Configuration Summary
- Setup Wizard Step 11 of 11: Restarting the System
- Verifying Proper Installation
- Registering the STM with NETGEAR
- What to Do Next
- Chapter 3 Performing Network and System Management
- Configuring Network Settings
- Configuring Session Limits and Timeouts
- Configuring the HTTP Proxy Settings
- About Users with Administrative and Guest Privileges
- Configuring Remote Management Access
- Using an SNMP Manager
- Managing the Configuration File
- Updating the Software
- Configuring Date and Time Service
- Managing Digital Certificates
- Managing the Quarantine Settings
- Performance Management
- Chapter 4 Content Filtering and Optimizing Scans
- About Content Filtering and Scans
- Configuring E-mail Protection
- Configuring Web and Services Protection
- Configuring Application Control
- Setting Scanning Exclusions and Web Access Exceptions
- Chapter 5 Managing Users, Groups, and Authentication
- About Users, Groups, and Domains
- Configuring Groups
- Configuring User Accounts
- Configuring Authentication
- Global User Settings
- Viewing and Logging Out Active Users
- Chapter 6 Monitoring System Access and Performance
- Chapter 7 Troubleshooting and Using Online Support
- Appendix A Default Settings and Technical Specifications
- Appendix B Related Documents
- Index
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
5-12 Managing Users, Groups, and Authentication
v1.0, September 2009
RADIUS support two types of protocols:
– PAP. Password Authentication Protocol (PAP) is a simple protocol in which the client
sends a password in clear text.
– CHAP. Challenge Handshake Authentication Protocol (CHAP) executes a three-way
handshake in which the client and server trade challenge messages, each responding
with a hash of the other’s challenge message that is calculated using a shared secret
value.
When logging in through the User Portal Login screen, users must provide their name and
password, and select the domain that corresponds to the authentication method that has been
assigned to them.
Understanding Active Directories and LDAP Configurations
This manual assumes that you already have a knowledge of Active Directories and LDAP servers.
The following sections are meant to provide some additional information before you go to
“Creating and Deleting LDAP and Active Directory Domains” on page 5-16.
How an Active Directory Works
Understanding how a typical Active Directory (AD) works might be of help when specifying the
settings for the LDAP and Active Directory domains on the STM.
The following applies to a typical AD:
• Organizational unit (ou), common name (cn), and domain controller (dc) can all be used to
build a search base in the AD. The following applies to the ‘ou’ and ‘cn’ containers:
– An AD administrator can create an ou but cannot create a cn that was built in the AD
server.
– An AD administrator can apply a global policy objects (gpo) to an ou, but not to a cn.
• An ou is created in the root node (for example, dc=companyname, dc=com) of the hierarchy.
In a company AD, an ou often represents a regional office or department.
• A groups is created under cn=users.
• A users is created under each ou so that the user can logically show in a tree of the AD server.
• A relationship between a group and users is built using their attributes (by default: member
and memberOf). These show in a lookup result.
The following is an example of how to set the search base:
If in a company AD server “cn=users” and “ou=companyname” and both are specified under
“dc=companyname,dc=com”, the search base must be set as “dc=companyname,dc=com” in order
to search both users and groups.