Configuring Active Directory integration

Article:HOWTO54111  |  Created: 2011-06-08  |  Updated: 2011-06-08  |  Article URL
Article Type
How To



Configuring Active Directory integration

You specify your Active Directory configuration in the Symantec Web Gateway Web GUI for both domain controller authentication and NTLM authentication. Ensure that you created an Active Directory account for use by Symantec Web Gateway before you configure domain controller authentication in the Symantec Web Gateway Web GUI. Configure the account to have access to the full Active Directory catalog.

To configure Active Directory integration

  1. In the Web GUI, click Administration > Configuration > Authentication.

  2. Check Use LDAP to identify end users.

  3. Under LDAP Configuration, specify the following information about your Active Directory environment:

    LDAP Server IP or Hostname

    Type the IP address or host name of the Active Directory server.

    LDAP Port

    Type the communication port number for the Active Directory server. Port 389 is the default port by Microsoft convention.

    Authentication Method

    Click one of the following options:

    • Simple

      The user name (bind DN) and password are transmitted in plain text.

    • Kerberos

      The user name (bind DN) and password are encrypted using the encrypted Kerberos protocol.

    LDAP Search Base (Base DN)

    Type the base DN for authentication queries to your Active Directory. A typical base DN for a simple Active Directory configuration is dc=domain,dc=com where domain is the domain name of your company. You may need to add additional parameters to the base DN, such as the organizational unit (ou=department).

    User Name

    Type the user name (bind DN) that you created for use by Symantec Web Gateway.

    Type the user name using one of the following forms:

    • sAMAccountName, for example: john_smith

      Valid for simple and Kerberos authentication.

    • sAMAccountName@domain, for example:

      Valid for simple and Kerberos authentication.

    • Distinguished name (DN), for example: cn=john smith,dc=symantecdomain,dc=com or CN=John Smith,OU=accounting,OU=finance, DC=symantecdomain,DC=com

      Valid for simple but not Kerberos authentication.


    Type the password for the user account.

    Group Users by

    Click one of the following grouping options:

    • Department

    • Organizational unit

    UID Attribute

    Click one of the following UID attributes:

    • sAMAccountName

    • uid

      This attribute form is no longer supported.

    • Other

      If you select Other, specify the UID.

    Sync Frequency

    The number of hours that Symantec Web Gateway considers a user's Active Directory attributes (such as workgroup association, email address, phone number) valid. After this period, a user's Active Directory attributes are considered stale, and Symantec Web Gateway automatically refreshes them through an LDAP query to the Active Directory.

    The default is 168 hours (one week).

  4. If you selected Kerberos as the authentication method, click Configure Kerberos settings automatically or manually configure the Kerberos settings. If you click Configure Kerberos settings automatically, Symantec Web Gateway uses the following settings for Kerberos authentication:

    LDAP Server IP or Hostname

    The data in this field is used for the Kerberos key distribution center (KDC) and administration server.

    LDAP Search Base (Base DN)

    The data in this field is used for the Kerberos realm and domain.

    If those substitutions do not match your Kerberos environment, manually configure Kerberos settings by specifying the following information:

    • Kerberos Realm

    • Default Domain

    • Key distribution center (KDC)

    • KDC Port

    • Kerberos Admin Server

    • Admin Server Port

  5. Click Test for the type of authentication that you want to perform (HTTP 401 or HTTP 407).

    The results of the test appear at the top of the page. If there is an error, correct the settings and test again.

  6. Click Save.

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices