External Authentication and Importing of user accounts

Article Details
URL: https://support.deerfield.net/support/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=57
Article ID: 57
Created On: Aug 11, 2004 11:36 AM

Answer WinRoute Firewall

External authentication and import of user accounts WinRoute supports the following methods of saving of user accounts and of user authentication: Internal user database user accounts and their passwords are saved in WinRoute (see above). During authentication, usernames are compared to the data in the internal database. This method of saving accounts and user authentication is particularly adequate for networks without a proper domain, as well as for special administrator accounts (user can authenticate locally even if the network communication fails). On the other hand, in case of networks with proper domains (Windows NT or Active Directory), local accounts in WinRoute may cause increased demands on administration since accounts and passwords must be maintained twice (at the domain and in WinRoute). Internal user database with authentication at the domain although user accounts are saved in the WinRoute database, users are authenticated through the domain (i.e. passwords are not saved in a corresponding user account under WinRoute). Obviously, usernames in WinRoute must match with the usernames in the domain. This method is not so demanding as far as the administration is concerned. When, for example, a user wants to change the password, it can be simply done at the domain and the change will be automatically applied to the account in WinRoute. In addition to this, it is not necessary to create user accounts in WinRoute by hand, as they can be imported from a corresponding domain. Active Directory accounts (automatic import) if Active Directory (Windows 2000 Server /Server 2003) is used, automatic import of user accounts can be set. It is not necessary to define accounts in WinRoute, nor import them, since it is possible to to configure templates by which specific parameters (such as access rights, content rules, transfer quotas, etc.) will be set for new WinRoute users. A corresponding user account will be imported upon the first login of the user to WinRoute. This method is less demanding on the administration (all user accounts are administered through Active Directory). Note: In cases when users are authenticated at the domain (the last two descriptions), it is recommended to create at least one local account with full rights to administration in WinRoute, so that it is possible to connect to the WinRoute administration even if the network or the domain fails.