Configuring Global Authentication Settings Parent topic

You can globally enable Active Directory authentication for users accessing web resources, for users accessing the Deep Discovery Web Inspector web console, for policy and HTTPS inspection policy matches, and for account management.
You should consider the following when using Active Directory authentication for Captive Portal:
  • If Deep Discovery Web Inspector can do pass-through authentication for the user requesting access to web resources, a separate log on is not required.
  • If Deep Discovery Web Inspector is unable to transparently perform pass-through authentication, Captive Portal takes over and authenticates the user. The Captive Portal sign-on page requires users to specify a user name and password before accessing the network or Internet.
    The Captive Portal sign-on page takes over and authenticates for the following reasons:
    • The primary reason why the Captive Portal page is shown is because NTLM/Kerberos/basic authentication failed
      Note
      Note
      Only proxy mode supports basic authentication. Bridge mode does not support basic authentication
    • The client computer is not added into an Active Directory domain and the user name/password entered into Windows authentication window is incorrect.
    • The keytab file for the domain is imported, which makes this a Kerberos authentication scenario, and the time gap between client and Deep Discovery Web Inspector/KDC is too large (by default the gap must be less than 5 minutes). If the time gap is greater than five minutes, Kerberos authentication fails.
    • For some browsers in certain operating systems (for example Firefox in Ubuntu) or because of incompatibility problems with WIN2012R2, NTLM authentication might fail. Under these circumstances, the Captive Portal page is shown.
For more information, see Captive Portal.

Procedure

  1. Go to AdministrationActive Directory Services.
    The Active Directory Services screen appears.
    Important
    Important
    Before you proceed, consider the following: The following operation restarts the scan daemon and the authentication daemon, which interrupts daily traffic; therefore, this operation should be executed during non-working time:
  2. Click on Configure Global Authentication Settings.
    The Global Authentication Settings screen opens.
  3. Click on Enable global authentication to globally enable the use of Active Directory Services for authentication.
  4. Under Kerberos keytable, perform one of the following:
    • To use Kerberos authentication, click on Import to import the Kerberos key table.
    • Select Disable Kerberos Authentication if you do not want users to use Kerberos authentication.
  5. Under Captive portal logo (customize), click on Import to import a custom logo image.
    The image displays on the Welcome to Captive Portal log on page.
  6. (Optional) Customize the Captive portal description that displays on the Welcome to Captive Portal log on page.
  7. Review information in Preview to verify that the displayed logo and message are as desired.
  8. (Optional) Restore the Captive Portal page to the default template by clicking on Restore Captive Portal.
  9. Click Save.

What to do next

You can change the certificate used for user authentication by clicking on Click here to change the administration portal certificate. By clicking on this link, you will be taken to another screen. To return to the Global Authentication Settings screen, you will need to manually navigate back to it.
Related information