Active Directory Authentication
Configuring AccessPoint with
Microsoft Active Directory
This section provides instructions and useful information for configuring Menlo Logic AccessPoint with Microsoft® Active Directory® authentication.
Microsoft introduced Active Directory directory services with Windows 2000 server. Active Directory combines
Lightweight Directory Access Protocol (LDAP), a standard used to identify or locate users, groups, and network resources, and
Kerberos, a network authentication protocol. For information about Active
Directory, see the Microsoft Active Directory Overview.
Active Directory Authentication Instructions
See the AccessPoint configuration guide for more detailed instructions.
- Click Access, then click Domains to view the Authentication Domains page.
- Click Add Domain.
- Select "Active Directory" from the Authentication Type menu.
- Enter a descriptive name for the domain in the AccessPoint Domain Name field.
- Enter the Active Directory server name or IP address in the Server Address field.
- Enter the name of the Active Directory Domain in the Active Directory Domain field.
- Click Submit to submit the changes.
If, after following these instructions, you are not able to authenticate to the Active Directory server, confirm the following:
- Confirm that the Active Directory service has been successfully installed on the Windows 2000 or 2003 server.
- Verify that the Active Directory Domain configured in AccessPoint is defined in Active Directory Domains and Trusts on the Windows server.
- The Active Directory user that is used to log in should be a member of the Active Directory Domain on the Windows server.
- The Active Directory user should have sufficient privileges for remote authentication.
- When logging into the SSL VPN portal as a user, confirm that you are selecting the Active Directory authentication domain from the Domain menu.
- Check that the AccessPoint gateway can contact the Windows server. If any services, such as Network File Sharing, FTP, Web, Telnet or Terminal Services, are enabled on the Windows server, try to access these services from the SSL VPN portal. If the Windows server is not reachable, verify the network settings.
- Review the Windows Active Directory log file for error messages.
NTP Configuration for Time Synchronization
The time settings of the Active Directory server and the SSL VPN gateway must be synchronized. Active Directory uses Kerberos authentication, and Kerberos allows a maximum of a 15 minute time difference between the client and the server. The easiest way to synchronize the time is by enabling NTP (Network Time Protocol). NTP configuration instructions are provided below. Time settings are the most common reason for Active Directory authentication failures.
To configure the AccessPoint NTP settings, click General, then click Date in the administrative interface.
- Select the correct time zone from the Select Your Time Zone menu.
- Check the Automatically synchronize with an NTP server checkbox.
- Enter the NTP update time period in seconds in the Update Interval field. The default period is 64 seconds.
- Enter the name of one or more NTP servers in the NTP Server Address fields.*
Available NTP servers include:
- Click Submit to update your settings.
* Only standards compliant NTP servers are supported. The Microsoft Windows server NTP implementation may require NTLM client authentication and is therefore not recommended.
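As an added example (not from the Menlo Logic documentation): a Python diagnostic that sends a standard 48-byte NTP client request over UDP/123, parses the server's transmit timestamp and reports whether the local clock sits inside a given Kerberos tolerance. The names `query_ntp`, `check_gateway_clock` and `encode_ntp_reply` (which builds a constructed reply so the parsing can be exercised offline) are this example's own.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
NTP_PACKET_SIZE = 48

def build_ntp_request() -> bytes:
    """48-byte client packet: LI=0, VN=3, Mode=3 (client); every other field zero."""
    return bytes([0x1B]) + bytes(NTP_PACKET_SIZE - 1)

def parse_ntp_transmit_time(packet: bytes) -> float:
    """Return the server's Transmit Timestamp (bytes 40-47) as Unix seconds."""
    if len(packet) < NTP_PACKET_SIZE:
        raise ValueError("short NTP packet")
    if packet[0] & 0x07 != 4:  # low 3 bits carry the mode; 4 = server reply
        raise ValueError("not a server (mode 4) reply")
    secs, frac = struct.unpack("!II", packet[40:48])
    return secs - NTP_EPOCH_OFFSET + frac / 2**32

def clock_skew_seconds(server_time: float, local_time: float) -> float:
    """Absolute offset between the NTP server's clock and the gateway's clock."""
    return abs(server_time - local_time)

def skew_within_tolerance(server_time: float, local_time: float, max_skew_seconds: float) -> bool:
    """True if the offset is inside the Kerberos tolerance you pass in (the text above gives 15 minutes)."""
    return clock_skew_seconds(server_time, local_time) <= max_skew_seconds

def query_ntp(host: str, timeout: float = 3.0) -> float:
    """Send one request to a standards-compliant NTP server and return its transmit time (network call)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ntp_request(), (host, 123))
        data, _ = sock.recvfrom(NTP_PACKET_SIZE)
    return parse_ntp_transmit_time(data)

def encode_ntp_reply(unix_time: float) -> bytes:
    """Constructed sample server reply carrying the given transmit time; used only for offline testing."""
    whole = int(unix_time)
    pkt = bytearray(NTP_PACKET_SIZE)
    pkt[0] = 0x1C  # LI=0, VN=3, Mode=4 (server)
    pkt[40:48] = struct.pack("!II", whole + NTP_EPOCH_OFFSET, int((unix_time - whole) * 2**32))
    return bytes(pkt)

def check_gateway_clock(host: str, max_skew_seconds: float) -> bool:
    """Live check: query the configured NTP server and compare with this machine's clock."""
    return skew_within_tolerance(query_ntp(host), time.time(), max_skew_seconds)
```

Run `check_gateway_clock("<your NTP server>", 900)` from the gateway's network segment; a False result points at the time settings the text above names as the most common cause of Active Directory authentication failures.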