HP VPN Firewall Appliances VPN Configuration Guide

AD is a directory service provided by Windows 2000 Server and later versions. It stores
information about objects on a network and allows administrators and users to query the information.
AD uses structured data storage, which is the basis of the directory information logical structure.
The SSL VPN system can cooperate with the existing AD server of an enterprise seamlessly to
provide AD authentication for users in the enterprise.
For successful AD authentication of a user, you must also configure the user information on the AD
authentication server, create user groups, and add the user to the user groups. Make sure that the
user groups configured on the authentication server exist on the SSL VPN gateway. Otherwise, the
user cannot log in. The number of user groups that the gateway supports for a user has a limit.
Make sure the number of user groups specified for a user on the authentication server is equal to
or less than the limit.
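
An added example, not part of the HP guide: a Python pre-check of the two preconditions above, run against an export of users' AD group memberships before AD authentication is enabled. It assumes the strict reading that every AD group of a user must exist on the gateway, that gateway group names equal the AD group's CN, and a placeholder limit of 3; all names and sample data are constructed.

```python
import re

# Assumption: placeholder only. The guide does not state the gateway's
# per-user group limit; take the real value from your device documentation.
GROUP_LIMIT = 3

def group_cn(dn):
    """Return the unescaped CN from the first RDN of an AD group DN."""
    # An RDN value is a run of escaped pairs (\,) or characters other than , and \.
    m = re.match(r"\s*CN\s*=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    if not m:
        raise ValueError(f"DN does not start with a CN: {dn!r}")
    # Handles backslash-character escapes (as in "\,"); hex escapes are not decoded.
    return re.sub(r"\\(.)", r"\1", m.group(1)).strip()

def audit(users, gateway_groups, limit=GROUP_LIMIT):
    """Return {user: [findings]} for users who break either precondition."""
    known = set(gateway_groups)
    report = {}
    for user, member_of in users.items():
        names = [group_cn(dn) for dn in member_of]
        findings = [f"group not on gateway: {n}" for n in names if n not in known]
        if len(names) > limit:
            findings.append(f"{len(names)} groups exceeds limit {limit}")
        if findings:
            report[user] = findings
    return report

# Constructed sample data: memberOf values as an AD export would list them,
# and the group names assumed to be defined on the SSL VPN gateway.
BASE = "OU=Groups,DC=example,DC=com"
AD_USERS = {
    "alice": [f"CN=VPN-Staff,{BASE}"],
    "bob": [f"CN=VPN-Staff,{BASE}", f"CN=Sales\\, EMEA,{BASE}"],
    "carol": [f"CN=VPN-Staff,{BASE}", f"CN=VPN-Admins,{BASE}",
              f"CN=Sales\\, EMEA,{BASE}", f"CN=Finance,{BASE}"],
}
GATEWAY_GROUPS = ["VPN-Staff", "VPN-Admins", "Sales, EMEA"]

if __name__ == "__main__":
    for user, findings in audit(AD_USERS, GATEWAY_GROUPS).items():
        for finding in findings:
            print(f"{user}: {finding}")
```

Users absent from the report satisfy both checks; each listed user needs a group created on the gateway or a membership removed on the AD server.
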
a. Select VPN > SSL VPN > Domain Management > Authentication Policy from the navigation
tree.
b. Click the AD Authentication tab.
The LDAP authentication configuration page appears, as shown in Figure 259.
Figure 259 AD authentication
c. Configure the AD authentication as described in Table 51.
d. Click Apply.
Table 51 Configuration items
Item | Description
Enable AD authentication | Select this item to enable AD authentication.
AD Domain Name | Enter the name of the AD domain.
AD Server IP | Enter the IP addresses of the AD servers. You can specify four AD servers at most. When one server fails, the system uses another server to authenticate users. The system selects the specified servers in the configuration order of the servers. The first configured server has the highest priority.
Authentication Mode | Select an authentication mode for AD authentication. Options include Password, Password+Certificate, and Certificate.
Server Recovery Time | Set the interval at which the system checks whether the failed AD server recovers.