Kerio Tech Firewall6 Network Router User Manual


 
13.4 Active Directory domains mapping
203
One domain is always set as primary. In this domain, all user accounts where the domain
is not specified, will be searched (e.g. jsmith). Users of other domains must login by
username including the domain (e.g. drdolittle@usoffice.company.com).
Use the Add or the Edit button to define a new domain. This dialog includes the same
parameters as the Active Directory tab in administration of an only domain (see above).
Notes:
1. By default, the domain defined first is set as primary. You can use the Set as primary
button to set the selected domain as primary.
2. Membership of WinRoute in the domain is not necessarily required for primary do-
mains (see Domain mapping requirements). Settings of the primary domain only
define which users will be allowed to login to WinRoute (i.e. to the web interface,
to the SSL-VPN interface, to the WinRoute administration, etc.) using the username
without domain.
Collision of Active Directory with the local database and conversion of accounts
During Active Directory domain mapping, collision with the local user database may
occur if a user account with an identical name exists both in the domain and in the local
database. If multiple domains are mapped, a collision may occur only between the local
database and the primary domain (accounts from other domains must include domain
names which make the name unique).
If a collision occurs, a warning is displayed at the bottom of the User Accounts tab. Click
on the link in the warning to convert selected user accounts (to replace local accounts
by corresponding Active Directory accounts).
Figure 13.16 Conversion of user accounts