When you configure your Firebox to authenticate users with your Active Directory server, you add a comma-delimited search base. The search base is the place the search starts in the Active Directory hierarchical structure for user account entries. This can help to make the authentication procedure faster.
Before you begin, you must have an operational Active Directory server that contains account information for all users for whom you want to configure authentication on the Firebox.
From your Active Directory server:
- Select Start > Administrative Tools > Active Directory Users and Computers.
- In the Active Directory Users and Computers tree, find and select your domain name.
- Expand the tree to find the path through your Active Directory hierarchy.
Domain name components have the format dc=domain name component, are appended to the end of the search base string, and are also comma-delimited.
For each level in your domain name, you must include a separate domain name component in your Active Directory search base. For example, if your domain name is prefix.example.com, the domain name component in your search base is:
To make sure that the Active Directory search can find any user object in your domain, specify the root of the domain. For example, if your domain name is kunstlerandsons.com, and you want the Active Directory search to find any user object in the entire domain, the search base string to add is:
To limit the search to begin in a container beneath the root of the domain, you must specify the fully-qualified name of the container in comma-delimited form. Start with the name of the base container and progress to the root of the domain. For example, assume your domain in the tree looks like this after you expand it:
Also assume that you want the Active Directory search to begin in the Sales container that appears in the example. This enables the search to find any user object inside the Sales container, and inside any containers in the Sales container.
The search base string to add in the Firebox configuration is:
The search string is not case-sensitive. When you type your search string, you can use either uppercase or lowercase letters. Make sure that a comma separates each component in the search base, without spaces between the components.
This search does not find user objects inside the Development or Admins containers, or inside the Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals, or Users containers.
DN of Searching User and Password of Searching User Fields
You must complete these fields only if you select an option for the Login Attribute that is different from the default value, sAMAccountName. Most organizations that use Active Directory do not change this. When you leave this field at the default sAMAccountName value, users supply their usual Active Directory login names for their user names when they authenticate. This is the name you see in the User logon name text box on the Account tab when you edit the user account in Active Directory Users and Computers.
If you use a different value for the Login Attribute, a user who tries to authenticate gives a different form of the user name. In this case, you must add Searching User credentials to your Firebox configuration.