Dell SMA 200 Administration Manual page 179

8 Optionally enter the common name and password of a user that has been delegated control of the
backup server in the Login User Name and Login Password fields, under the Backup LDAP server
section.
9 Enter the name of the layout in the Portal Name field. Additional layouts can be defined in the Portals
> Portals page.
10 Optionally select Allow password changes (if allowed by LDAP server). This option, if allowed by
your LDAP server, enables users to change their LDAP password during a Secure Mobile Access session.
11 Optionally select Use SSL/TLS. This option allows SSL/TLS encryption to be used for LDAP
password exchanges. It is disabled by default because not all LDAP servers are configured for
SSL/TLS; while it is disabled, those password exchanges are not encrypted.
12 Optionally select Enable client certificate enforcement to require the use of client certificates for
login. By checking this box, you require the client to present a client certificate for strong mutual
authentication. Two additional fields appear:
    • Verify user name matches Common Name (CN) of client certificate - Select this check box to
      require that the user's account name match their client certificate.
    • Verify partial DN in subject - Use the following variables to configure a partial DN that matches
      the client certificate:
        • User name: %USERNAME%
        • Domain name: %USERDOMAIN%
        • Active Directory user name: %ADUSERNAME%
        • Wildcard: %WILDCARD%
13 Select Auto-assign groups at login to assign users to a group when they log in.
Users logging into LDAP domains are automatically assigned in real time to Secure Mobile Access groups
based on their external LDAP attributes. If a user's external group membership has changed, their Secure
Mobile Access group membership automatically changes to match the external group membership.
14 Optionally select One-time passwords to enable the One Time Password feature. A drop-down list
appears, in which you can select if configured, required for all users, or using domain name. These
are defined as:
    • if configured - Only users who have a One Time Password email address configured use the One
      Time Password feature.
    • required for all users - All users must use the One Time Password feature. Users who do not
      have a One Time Password email address configured are not allowed to log in.
    • using domain name - Users in the domain use the One Time Password feature. One Time
      Password emails for all users in the domain are sent to username@domain.com.
If you selected if configured or required for all users in the One-time passwords drop-down list, the
LDAP e-mail attribute drop-down list appears, in which you can select mail, userPrincipalName, or
custom. These are defined as:
    • mail - If your LDAP server is configured to store email addresses using the "mail" attribute, select
      mail.
    • mobile or pager - If your AD server is configured to store mobile or pager numbers using either of
      these attributes, select mobile or pager, respectively. Raw numbers cannot be used; however, SMS
      addresses can.
    • userPrincipalName - If your LDAP server is configured to store email addresses using the
      "userPrincipalName" attribute, select userPrincipalName.
    • custom - If your LDAP server is configured to store email addresses using a custom attribute,
      select custom. The Custom attribute field appears. Type the custom attribute that your LDAP
      server uses to store email addresses. If the specified attribute cannot be found for a user, the
      email address assigned in their individual user policy settings is used.
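The One Time Password rules in step 14, modeled as an added example (not Dell SonicWALL code) for auditing an LDAP export before changing the setting: it shows which users would receive a code, which would log in without one under if configured, and which would be refused under required for all users. The record layout, field names, address pattern, and applying the policy-settings fallback to every attribute (the guide states it for custom) are assumptions.

```python
import re

# Address-shaped values only; a raw phone number fails (the guide allows SMS addresses).
ADDRESS_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MODES = ("if configured", "required for all users", "using domain name")

def resolve_otp(user, mode, attribute="mail", domain=None):
    """Return (outcome, address): outcome is "otp", "no_otp" or "denied"."""
    if mode not in MODES:
        raise ValueError(f"unknown One-time passwords mode: {mode!r}")
    if mode == "using domain name":
        if not domain:
            raise ValueError("domain is required for 'using domain name'")
        # Every user in the domain gets the code at username@domain.
        return "otp", f"{user['username']}@{domain}"
    # Selected LDAP attribute first, then the address in the user's policy
    # settings. Assumption: an unusable value is treated like a missing one.
    for candidate in (user.get("ldap", {}).get(attribute), user.get("policy_email")):
        if candidate and ADDRESS_RE.match(candidate):
            return "otp", candidate
    if mode == "required for all users":
        return "denied", None   # no address configured: login is not allowed
    return "no_otp", None       # "if configured": the user logs in without a code

def audit(users, mode, attribute="mail", domain=None):
    """Group user names by outcome so gaps show up before the setting goes live."""
    report = {"otp": [], "no_otp": [], "denied": []}
    for user in users:
        outcome, _ = resolve_otp(user, mode, attribute, domain)
        report[outcome].append(user["username"])
    return report

# Constructed sample records (hypothetical export format, not appliance data).
USERS = [
    {"username": "alice", "ldap": {"mail": "alice@example.com"}},
    {"username": "bob", "ldap": {"mobile": "5551230000"},
     "policy_email": "bob@example.com"},
    {"username": "carol", "ldap": {"mobile": "5551239999@sms.example.net"}},
    {"username": "dave", "ldap": {}},
]

if __name__ == "__main__":
    for mode, attr in (("if configured", "mail"), ("required for all users", "mobile")):
        print(mode, attr, audit(USERS, mode, attr))
```

Users listed under no_otp authenticate with a password alone, so review that list before relying on if configured as a second factor.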
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
179

This manual is also suitable for:

SMA 400, SRA 1600, SRA 4600, SMA 500v