Windows Authentication
This authentication method allows your users to log in to GFI OneConnect using their existing Windows passwords, as configured in your Active Directory forest.
How it works
When a user tries to log in, GFI OneConnect asks the Windows Authentication Manager component installed in your environment whether the supplied credentials are valid. Windows Authentication Manager, in turn, queries Active Directory to verify the credentials. The Active Directory reply (confirming or denying the validity of the supplied credentials) is sent back to the data center, which allows or blocks access to GFI OneConnect accordingly.
IMPORTANT
User passwords are NOT stored on the GFI OneConnect data center. Authentication Manager validates credentials against the local Windows subsystem when users attempt to log in. If the data center does not have access to at least one Windows Authentication Manager instance, users will not be able to log in using their Windows credentials.
Windows Authentication prerequisites and important notes
The following are required to use Windows Authentication:
- Ideally, multiple Authentication Managers are installed, each in a different geographic region. More Authentication Managers provide redundancy and shorter login times. For more information, refer to Installing Windows Authentication Manager.
- Any machine housing an Authentication Manager must be able to access a Domain Controller capable of authenticating a given user.
- Sites housing Authentication Managers must have dedicated internet connections to provide redundancy in case of a site failure.
- Disabled and/or locked Active Directory accounts cannot log in.
- Windows NT login IDs cannot be used; there is no way to ensure that an NT ID is globally unique. The SMTP address is a unique identifier.
Support for Exchange Resource Forests varies depending on the type of trust between the Exchange and security forests.
- Two-way trust: No changes beyond the normal requirements for deploying authentication controllers (redundancy, distribution, etc.) should be required.
- One-way trust: Treat one-way trusts as distributed environments, and be sure to deploy a sufficient number of authentication controllers for redundancy purposes.
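The prerequisites above can be checked before relying on Windows Authentication. The following script is an added example, not GFI code: it assumes Windows PowerShell 5.1 with the ActiveDirectory (RSAT) module on the machine housing an Authentication Manager, and it assumes the user's login address is held in the `proxyAddresses` attribute. The sample address is constructed.

```powershell
# Added example, not GFI code. Run on a machine that hosts an Authentication Manager.
# Requires the ActiveDirectory module (RSAT). The default address is a constructed sample.
param([string]$SmtpAddress = 'user@example.com')

Import-Module ActiveDirectory -ErrorAction Stop

# Accept only plain addresses so the value is safe to place in an LDAP filter.
if ($SmtpAddress -notmatch '^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$') {
    throw "Unexpected characters in address: $SmtpAddress"
}

# 1. This machine must be able to reach a domain controller.
$dc        = Get-ADDomainController -Discover -ErrorAction Stop
$channelOk = Test-ComputerSecureChannel   # $true when the machine's domain trust is intact

# 2. The SMTP address must identify exactly one account in the forest.
#    Port 3268 on a global catalog searches every domain.
$gc     = Get-ADDomainController -Discover -Service GlobalCatalog -ErrorAction Stop
$gcHost = $gc.HostName | Select-Object -First 1
$filter = "(&(objectCategory=person)(objectClass=user)(proxyAddresses=smtp:$SmtpAddress))"
$hits   = @(Get-ADUser -Server "${gcHost}:3268" -LDAPFilter $filter)

$result = [ordered]@{
    Address          = $SmtpAddress
    DomainController = ($dc.HostName | Select-Object -First 1)
    SecureChannelOk  = $channelOk
    AccountsMatched  = $hits.Count
    Enabled          = $null
    LockedOut        = $null
}

# 3. Disabled or locked accounts cannot log in. Read the state from the account's
#    own domain rather than relying on the global catalog's partial attribute set.
if ($hits.Count -eq 1) {
    $dn     = $hits[0].DistinguishedName
    $domain = ($dn -split ',' | Where-Object { $_ -like 'DC=*' } |
               ForEach-Object { $_.Substring(3) }) -join '.'
    $user   = Get-ADUser -Server $domain -Identity $dn -Properties LockedOut
    $result.Enabled   = $user.Enabled
    $result.LockedOut = $user.LockedOut
}

[pscustomobject]$result
```

A healthy result shows `SecureChannelOk` as True, `AccountsMatched` as 1, `Enabled` as True and `LockedOut` as False; an `AccountsMatched` value other than 1 means the address does not identify a single account in the forest.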