Authentication for Internet access? Or VPN access?
As Ross mentioned, the intended use may have an influence.
However, you could consider installing the Internet Authentication Service (IAS) to either the domain controller or a member of the domain and this will then provide you with a RADIUS interface to your domain user accounts. As long as the element you are trying to use within your SG720 supports the idea of using RADIUS then you should then be able to hand-off the authentication request to IAS and, ultimately, the domain controller.
There is also a Domain tab present in the Users menu based on what I am looking at on my 4.0.2 SG565 appliance, which would actually support the fact that native domain authentication is possible - even without a RADIUS link. Looking at the manual (p337) it says:-
The Domain page allows you to specify a Windows NT domain and primary and secondary servers so that authentication can take place against the domain controller.
Then it would appear to be a case of navigating to the PAM section of the Users screen and choosing which elements (Access Control, Web Administration, etc...) you wish to use domain authentication for.
Message was edited by: PhilM on 26/01/10 16:44:56 GMT
The Domain feature you see is capable of querying in an NT4-compatible way to see if credentials are correct.
Hence a simple yah or nah is the reply in response to the credentials the UTM device passes through to the NT4-compatible server (another challenge in today's age).
As such we can't really query if the user has remote access or not, as no group membership is available.
Hence RADIUS is the preferred option as IAS will only authenticate approved remote VPN users.
There are changes on the road map to come regarding the UTM device and AD, and one will be the ability to obtain group membership, and as such determine if a user does have the rights to also VPN in to the corporate network without RADIUS.
Re-reading, the post says web users... sorry.
Let me confirm the actual current features in this regard and get back to you.
Phil...get off version 4.0.2 and onto current is my advice
If you create a group
system -> users -> groups -> new
and give that group
Internet Access (via. Access Controls)
then go to
system -> users -> PAM -> Access Control
Authentication Method = NT Domain
Default Group = group created above
system -> users -> Domain
complete the details. If you don't have a secondary server, simply duplicate the primary entries in the secondary fields.
Firewall -> Access Control -> Require User Authentication = checked
Have a look at the help on these pages as well, as it shows you which order access controls are parsed in.
thanks for the help