Howto Implementclientlesssinglesignonauthenticationinmultipleactivedirectorydomain 120501101050...
-
Upload
kernel1987 -
Category
Documents
-
view
225 -
download
6
Transcript of Howto Implementclientlesssinglesignonauthenticationinmultipleactivedirectorydomain 120501101050...
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
1
Applicable to ndash All the versions of Windows
This article describes how to implement Clientless single sign on authentication with Active Directory integration
Cyberoam ndash ADS integration feature allows Cyberoam to map the users and groups from Active Directory for the purpose of authentication
Prerequisites
NetBIOS Domain name
FQDN Domain name
Search DN
Active Directory Server IP address
Administrator Username and Password (Active Directory Domain)
IP address of Cyberoam Interface connected to Active Directory server
Import AD groups
Configure Clientless SSO
Configuring ADS authentication
Logon to Cyberoam Web Admin Console and follow the below given steps
Step 1 Create ADS user groups
Please check Cyberoam version before you continue as this is version specific step
All Versions below 953 build 14
Go to Groupgt Add Group and create all the ADS user groups
For mapping the ADS user groups with the Cyberoam user groups create all the ADS user groups into Cyberoam before ADS users log on to Cyberoam for the first time If the ADS groups are not created in Cyberoam all the users will be assigned to the Default group of Cyberoam
If all the ADS user groups are created in Cyberoam before users log on to Cyberoam then user will be automatically created in the respective group when they log on to Cyberoam
Version 95314 or above
Instead of creating groups again in Cyberoam you can import AD groups into Cyberoam using Import Wizard
One can import groups only after integrating and defining AD parameters into Cybeoam
If you intend to import group skip this step
Step 2 Define Authentication parameters
Go to UsergtAuthentication Settings
Select bdquoActive Directory‟ under Configure Authentication amp Integration parameters
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
2
Select Default Group
Cyberoam will create user(s) in the respective groups if groups are already created in Cyberoam otherwise user will be created in the group selected as Default group
Click Update to save the settings
Step 3 Configure Cyberoam to use Active Directory
Click Add to configure Active Directory parameters
Specify IP address of Active Directory
Specify TCPIP port number in Port field It is the port on which ADS server listens for the authentication requests On Cyberoam appliance the default port for ADS traffic is 389 If your AD server is using another port specify port number in Port field
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
3
Specify NetBIOS Domain name If you do not know NetBIOS name refer to section bdquoDetermine NetBIOS Name FQDN and Search DN‟
Specify Active Directory Administrator Username and password
Cyberoam allows implementing AD integration in two ways
Tight Integration ndash With tight integration Cyberoam synchronizes groups with AD every time the user tries to logon Hence even if the group of a user is changed in Cyberoam on subsequent log in attempt user logs on as the member of the same group as configured in Active Directory In this case group membership of each user is as defined in the Active Directory
Loose Integration ndash With loose integration Cyberoam does the Group management and does not synchronize groups with AD when user tries to logon By default users will be the member of Cyberoam default group irrespective of Active Directory group administrator can change the group membership Cyberoam will use authentication attribute for authenticating users with Active Directory
Click ldquoTest Connectionrdquo to check whether Cyberoam is able to connect to the Active Directory or not If Cyberoam is able to connect to the Active Directory click Add to save the configuration
Step 4 Add Domain Query
If Cyberoam is able to connect to the Active Directory click Add to enter Domain name
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
4
Enter Domain name (FQDN Domain Name)
Click Add and enter Search DN Check the steps provided in section bdquoDetermine NETBIOS Name FQDN and Search DN‟ to find the Search DN
Click OK to save the query
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
5
Click Save to save the Domain details
Step 5 Test Active Directory integration
Go to HelpgtDownloads and click HTTP to open the HTTP client login page
Specify username and password
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
6
Username will be displayed on UsergtManage Live Users page if user is able to log on to Cyberoam successfully
This completes the AD configuration
Import AD Groups
If you have deployed v 953 build 14 or above import AD groups into Cyberoam using Import Wizard before configuring for single sign on
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
2
Select Default Group
Cyberoam will create user(s) in the respective groups if groups are already created in Cyberoam otherwise user will be created in the group selected as Default group
Click Update to save the settings
Step 3 Configure Cyberoam to use Active Directory
Click Add to configure Active Directory parameters
Specify IP address of Active Directory
Specify TCPIP port number in Port field It is the port on which ADS server listens for the authentication requests On Cyberoam appliance the default port for ADS traffic is 389 If your AD server is using another port specify port number in Port field
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
3
Specify NetBIOS Domain name If you do not know NetBIOS name refer to section bdquoDetermine NetBIOS Name FQDN and Search DN‟
Specify Active Directory Administrator Username and password
Cyberoam allows implementing AD integration in two ways
Tight Integration ndash With tight integration Cyberoam synchronizes groups with AD every time the user tries to logon Hence even if the group of a user is changed in Cyberoam on subsequent log in attempt user logs on as the member of the same group as configured in Active Directory In this case group membership of each user is as defined in the Active Directory
Loose Integration ndash With loose integration Cyberoam does the Group management and does not synchronize groups with AD when user tries to logon By default users will be the member of Cyberoam default group irrespective of Active Directory group administrator can change the group membership Cyberoam will use authentication attribute for authenticating users with Active Directory
Click ldquoTest Connectionrdquo to check whether Cyberoam is able to connect to the Active Directory or not If Cyberoam is able to connect to the Active Directory click Add to save the configuration
Step 4 Add Domain Query
If Cyberoam is able to connect to the Active Directory click Add to enter Domain name
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
4
Enter Domain name (FQDN Domain Name)
Click Add and enter Search DN Check the steps provided in section bdquoDetermine NETBIOS Name FQDN and Search DN‟ to find the Search DN
Click OK to save the query
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
5
Click Save to save the Domain details
Step 5 Test Active Directory integration
Go to HelpgtDownloads and click HTTP to open the HTTP client login page
Specify username and password
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
6
Username will be displayed on UsergtManage Live Users page if user is able to log on to Cyberoam successfully
This completes the AD configuration
Import AD Groups
If you have deployed v 953 build 14 or above import AD groups into Cyberoam using Import Wizard before configuring for single sign on
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
3
Specify NetBIOS Domain name If you do not know NetBIOS name refer to section bdquoDetermine NetBIOS Name FQDN and Search DN‟
Specify Active Directory Administrator Username and password
Cyberoam allows implementing AD integration in two ways
Tight Integration ndash With tight integration Cyberoam synchronizes groups with AD every time the user tries to logon Hence even if the group of a user is changed in Cyberoam on subsequent log in attempt user logs on as the member of the same group as configured in Active Directory In this case group membership of each user is as defined in the Active Directory
Loose Integration ndash With loose integration Cyberoam does the Group management and does not synchronize groups with AD when user tries to logon By default users will be the member of Cyberoam default group irrespective of Active Directory group administrator can change the group membership Cyberoam will use authentication attribute for authenticating users with Active Directory
Click ldquoTest Connectionrdquo to check whether Cyberoam is able to connect to the Active Directory or not If Cyberoam is able to connect to the Active Directory click Add to save the configuration
Step 4 Add Domain Query
If Cyberoam is able to connect to the Active Directory click Add to enter Domain name
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
4
Enter Domain name (FQDN Domain Name)
Click Add and enter Search DN Check the steps provided in section bdquoDetermine NETBIOS Name FQDN and Search DN‟ to find the Search DN
Click OK to save the query
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
5
Click Save to save the Domain details
Step 5 Test Active Directory integration
Go to HelpgtDownloads and click HTTP to open the HTTP client login page
Specify username and password
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
6
Username will be displayed on UsergtManage Live Users page if user is able to log on to Cyberoam successfully
This completes the AD configuration
Import AD Groups
If you have deployed v 953 build 14 or above import AD groups into Cyberoam using Import Wizard before configuring for single sign on
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
4
Enter Domain name (FQDN Domain Name)
Click Add and enter Search DN Check the steps provided in section bdquoDetermine NETBIOS Name FQDN and Search DN‟ to find the Search DN
Click OK to save the query
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
5
Click Save to save the Domain details
Step 5 Test Active Directory integration
Go to HelpgtDownloads and click HTTP to open the HTTP client login page
Specify username and password
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
6
Username will be displayed on UsergtManage Live Users page if user is able to log on to Cyberoam successfully
This completes the AD configuration
Import AD Groups
If you have deployed v 953 build 14 or above import AD groups into Cyberoam using Import Wizard before configuring for single sign on
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
5
Click Save to save the Domain details
Step 5 Test Active Directory integration
Go to HelpgtDownloads and click HTTP to open the HTTP client login page
Specify username and password
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
6
Username will be displayed on UsergtManage Live Users page if user is able to log on to Cyberoam successfully
This completes the AD configuration
Import AD Groups
If you have deployed v 953 build 14 or above import AD groups into Cyberoam using Import Wizard before configuring for single sign on
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
6
Username will be displayed on UsergtManage Live Users page if user is able to log on to Cyberoam successfully
This completes the AD configuration
Import AD Groups
If you have deployed v 953 build 14 or above import AD groups into Cyberoam using Import Wizard before configuring for single sign on
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
7
Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)
Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS)
With Single Sign On authentication user automatically logs on to the Cyberoam when logs on to Windows through his windows username and password Hence eliminating the need of multiple logins and username amp passwords
But Clientless Single Sign On not only eliminates the need to remember multiple passwords ndash Windows and Cyberoam it also eliminates the installation of SSO clients on each workstation Hence delivering high ease-of-use to end-users higher levels of security in addition to lowering operational costs involved in client installation
Cyberoam Transparent Authentication Suite (CTAS)
CTA Suite consists of
CTA Agent ndash It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication
CTA Collector ndash It collects the user authentication request from multiple agents processes the request and sends to Cyberoam for authentication
How does Cyberoam CTA Agent work
User Authentication Information Collection Process
1 User tries to log on to the Active Directory Domain Controller from any workstation in LAN Domain Controller tries to authenticate user credentials
2 This authentication process is captured and communicated to CTA Collector over default port 5566 by CTA Agent real time
3 CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060
4 Cyberoam queries Active Directory to determine user‟s group membership and registers user in Cyberoam database
Based on data from CTA Agent Cyberoam queries AD server to determine group membership and based on which access is granted or denied Users logged into a workstation directly ie locally but not logged into the domain will not be authenticated and are considered as ldquoUnauthenticatedrdquo or ldquoGuestrdquo user For users that are not logged into the domain the HTTP Login screen prompting for a manual login will be displayed for further authentication
Step 6 Installing CTA Suite
Download CTA Suite from wwwcyberoamcomcyberoamclientshtml
Extract ctasrar and install CTA Suite on Domain controller by following the on-screen instructions Administrative right is required to install CTA Suite
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
8
Check for ldquoCyberoam Transparent Authentication Suiterdquo tab from ldquoStartrdquo gt ldquoAll Programsrdquo
If installed successfully ldquoCyberoam Transparent Authentication Suiterdquo tab will be added
Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
9
Step 7 Configure CTA Collector from CTA Collector Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
10
If ldquologoff detection settingsrdquo is enabled and firewall is configured on the Workstation please allow the traffic to and from Domain controller
Step 8 Configure Agent from CTA Agent Tab on Primary Domain Controller
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
11
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
12
Step 9 Configure Agent from CTA Agent Tab on Additional Domain Controller 1
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
13
Repeat step 9 for all the additional Domain Controller
Step 10 Configure Cyberoam
Logon to CLI Console with default password go to Option 4 Cyberoam Console and execute following command at the prompt
corporategtcyberoam cta enable
corporategtcyberoam cta collector add collector-ip ltipaddressgt collector-portltport numbergt
Please make sure that you restart management services after enabling the CTA services
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
14
Step 11 Enable Security Event logging on Active Directory
This completes the configuration
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011
How To - Implement Clientless Single Sign On Authentication in Multiple Active Directory Domain Controller Environment
15
Determine NetBIOS Name FQDN and Search DN
On the ADS server
Go to StartgtPrograms gt Administrative Tools gt Active Directory Users and Computers
Right Click the required domain and go to Properties tab
Search DN will be based on the FQDN In the given example FQDN is elitecorecom and Search DN will be DC=elitecore DC=com
Document Version 20 - 15072011