External authentication and import of user accounts

WinRoute supports the following methods of saving of user accounts and of user authentication:

  • Internal user database user accounts and their passwords are saved in WinRoute (see above). During authentication, usernames are compared to the data in the internal database.

    This method of saving accounts and user authentication is particularly adequate for networks without a proper domain, as well as for special administrator accounts (user can authenticate locally even if the network communication fails).

    On the other hand, in case of networks with proper domains (Windows NT or Active Directory), local accounts in WinRoute may cause increased demands on administration since accounts and passwords must be maintained twice (at the domain and in WinRoute).

  • Internal user database with authentication at the domain although user accounts are saved in the WinRoute database, users are authenticated through the domain (i.e. passwords are not saved in a corresponding user account under WinRoute). Obviously, usernames in WinRoute must match with the usernames in the domain.

    This method is not so demanding as far as the administration is concerned. When, for example, a user wants to change the password, it can be simply done at the domain and the change will be automatically applied to the account in WinRoute. In addition to this, it is not necessary to create user accounts in WinRoute by hand, as they can be imported from a corresponding domain.

  • Active Directory accounts (automatic import) if Active Directory (Windows 2000 Server /Server 2003) is used, automatic import of user accounts can be set. It is not necessary to define accounts in WinRoute, nor import them, since it is possible to to configure templates by which specific parameters (such as access rights, content rules, transfer quotas, etc.) will be set for new WinRoute users. A corresponding user account will be imported upon the first login of the user to WinRoute.

    This method is less demanding on the administration (all user accounts are administered through Active Directory).

Note: In cases when users are authenticated at the domain (the last two descriptions), it is recommended to create at least one local account with full rights to administration in WinRoute, so that it is possible to connect to the WinRoute administration even if the network or the domain fails.

Active Directory

Parameters for user authentication at Active Directory (or/and automatic import of user accounts) can be configured in the Active Directory / NT domain tab.


Enable Active Directory authentication

This option enables/disables Active Directory. If it is disabled, all accounts which use Active Directory authentication are unavailable (these users cannot connect to their accounts).

Active Directory domain name

The domain (Kerberos realm) at which users will be authenticated. Only complete domain names are accepted (e.g. company.com, not just company).

Import user accounts now

Use this button to open a dialog for immediate import (download) of user accounts from Active Directory.

The following information is required for import of accounts:

  • Active Directory domain name name of the domain from which user accounts will be imported (e.g company.com).

  • Import from server DNS name or IP address of the Active Directory domain server (e.g. server.company.com or 192.168.1.1).

  • Login as user, Password username and password of a user who belongs to the domain (i.e. has an account in this domain). No special user rights are required.

If no problem arises (i.e. the inserted data is correct, the server is available, etc.), a list of accounts will be displayed upon clicking OK that are ready to be imported to WinRoute.

Note: The NT domain / Kerberos 5 authentication method will be set for all imported accounts.

Automatically import user accounts from Active Directory

This option enables automatic import of accounts from Active Directory. Like in case of manual import of accounts, name or IP address of the domain server as well as username and password are required for the authentication (for details, see above).

Define user template

This button opens a dialog where a configuration template for imported user accounts (specific parameters for WinRoute) can be set.

The dialog is similar to the dialog for user account modification, however, it includes only the Groups, Rights, Quota and Content rules tabs (since the other parameters cannot be set at once for multiple users). For details, refer to chapter User Accounts

NT domain

Parameters for user authentication at the NT domain can be set in the Active Directory / NT domain tab.

Warning: Do not use this method if the domain server runs on OS Windows 2000 Server /Server 2003! Use the Active Directory in this case.


Enable NT domain authentication

This option enables/disables NT domain authentication. If it is disabled, all accounts which use NT domain authentication are unavailable (these users cannot connect to their accounts).

NT domain name

Name of the domain (e.g. COMPANY) where users will be authenticated.

Note: The host where WinRoute is installed must belong to this domain.

Import user accounts now

Use this option to open a dialog where NT domain user accounts can be imported. Specify the Windows NT domain name entry.

If no problem arises (i.e. the domain name is correct, the server is available, etc.), a list of accounts will be displayed upon clicking OK that are ready to be imported to WinRoute.

Note: The NT domain / Kerberos 5 authentication method will be set for all imported accounts.

Additional Links

Search

Support

Documentation

Authorization

 
Forgot your password?
Register

Subscribe

Subscribe to company news