DOCSLIB.ORG

Fortiauthenticator - Administration Guide VERSION 5.3.1 FORTINET DOCUMENT LIBRARY

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fortiauthenticator - Administration Guide VERSION 5.3.1 FORTINET DOCUMENT LIBRARY FortiAuthenticator - Administration Guide VERSION 5.3.1 FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET KNOWLEDGE BASE http://kb.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com http://cookbook.fortinet.com/how-to-work-with-fortinet-support/ FORTINET COOKBOOK http://cookbook.fortinet.com FORTINET TRAINING AND CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com/ FORTIGUARD CENTER https://fortiguard.com FORTICAST http://forticast.fortinet.com END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf June 5, 2018 FortiAuthenticator - Administration Guide 23-531-493255-20180605 TABLE OF CONTENTS Change log 8 What's new in FortiAuthenticator 5.3.1 9 What's new in FortiAuthenticator 5.3 9 Introduction 17 Before you begin 18 How this guide is organized 19 Registering your Fortinet product 19 Setup 20 Initial setup 20 FortiAuthenticator VM setup 20 Administrative access 21 Adding FortiAuthenticator to your network 22 Maintenance 23 Backing up the configuration 23 Upgrading the firmware 24 Licensing 24 CLI commands 24 Standardized CLI 27 Troubleshooting 27 FortiAuthenticator settings 28 FortiGate settings 28 System 29 Dashboard 29 Customizing the dashboard 30 System information widget 31 System resources widget 35 Authentication activity widget 35 User inventory widget 35 License information widget 35 Top user lockouts widget 35 Network 36 Interfaces 36 DNS 38 Static routing 38 Packet capture 38 Administration 39 System access 39 High availability 41 Firmware upgrade 45 Configuring auto-backup 45 SNMP 46 Licensing 49 FortiGuard 50 FTP servers 51 Admin profiles 52 Messaging 52 SMTP servers 52 Email services 54 SMS gateways 55 Authentication 58 What to configure 58 Password-based authentication 58 Two-factor authentication 59 Authentication servers 59 Machine authentication 60 User account policies 61 General 61 Lockouts 62 Passwords 63 Custom user fields 65 Tokens 65 User management 68 Administrators 68 Local users 69 Remote users 76 Remote user sync rules 80 Social login users 81 Guest users 81 User groups 82 Usage profile 84 Organizations 84 Realms 85 FortiTokens 86 MAC devices 87 RADIUS attributes 88 FortiToken physical device and FortiToken Mobile 88 FortiAuthenticator and FortiTokens 89 Monitoring FortiTokens 90 FortiToken device maintenance 90 FortiToken drift adjustment 90 Self-service portal 91 General 91 Access control 92 Self-registration 92 Token self-provisioning 95 Replacement messages 96 Device self-enrollment 98 Captive portals 99 General 99 Access control 101 Replacement messages 101 Guest portals 106 Portals 106 Rules 111 Replacement messages 112 Smart Connect profiles 113 Post-login device tracking 115 Remote authentication servers 116 LDAP 116 Remote LDAP password change 120 RADIUS 121 RADIUS service 121 Clients 122 Client profile attributes 124 Extensible authentication protocol 125 Services 125 Custom dictionaries 125 MAC authentication bypass 127 LDAP service 127 General 127 Directory tree overview 127 Creating the directory tree 128 Configuring a FortiGate unit for FortiAuthenticator LDAP 131 SAML IdP 132 General 132 Service providers 133 FortiAuthenticator agents 136 FortiAuthenticator Agent for Microsoft Windows 137 FortiAuthenticator Agent for Outlook Web Access 138 Port-based network access control 139 Extensible Authentication Protocol 139 FortiAuthenticator and EAP 140 FortiAuthenticator unit configuration 140 Configuring certificates for EAP 140 Configuring switches and wireless controllers to use 802.1X authentication 141 Non-compliant devices 141 Fortinet Single Sign-On 142 Domain controller polling 142 Windows management instrumentation polling 142 General settings 143 Configuring FortiGate units for FSSO 147 Portal services 148 Kerberos 149 SAML authentication 150 Windows event log sources 152 RADIUS accounting 154 Syslog 155 Matching rules 155 Predefined rules 156 Syslog sources 157 Fine-grained controls 158 SSO users and groups 159 FortiGate group filtering 160 IP filtering rules 161 Tiered architecture 162 FortiClient SSO Mobility Agent 163 Fake client protection 163 RADIUS Single Sign-On 165 RADIUS accounting proxy 165 General settings 165 Rule sets 166 Sources 168 Destinations 169 Monitoring 170 SSO 170 Domains 170 SSO sessions 170 Windows event log sources 171 FortiGates 171 DC/TS agents 171 NTLM statistics 171 Authentication 171 Locked-out users 172 RADIUS sessions 172 Windows AD 172 Windows device logins 173 Learned RADIUS users 173 Certificate management 174 Policies 174 Certificate expiry 174 End entities 175 Certificate authorities 184 Local CAs 184 Certificate revocations lists 190 Trusted CAs 191 SCEP 192 General 192 Enrollment requests 192 Logging 198 Log access 198 Log configuration 200 Log settings 200 Syslog servers 202 Troubleshooting 204 Troubleshooting 204 Debug logs 205 RADIUS debugging 206 TCP stack hardening 207 LDAP filter syntax 208 Examples 208 Caveats 209 Change log Date Change Description June 5, 2018 FortiAuthenticator 5.3.1 document release. See "What's new in FortiAuthenticator 5.3.1" on page 9. May 9, 2018 FortiAuthenticator 5.3 document release. See "What's new in FortiAuthenticator 5.3" on page 9. FortiAuthenticator - Administration Guide 8 Fortinet Technologies Inc. What's new in FortiAuthenticator 5.3.1 The following list contains new and expanded features added in FortiAuthenticator 5.3.1. l Group password policies. For more information, see "Passwords" on page 63. l FortiToken 202 support. l Dual email and SMS two-factor authentication. For more information, see "Configuring token-based authentication" on page 73. l FortiAuthenticator-VM for HyperV is compatible with Windows Server 2016 . l Support for direct enrollment and VPN certificate renewal via SCEP over HTTPS. What's new in FortiAuthenticator 5.3 The following list contains new and expanded features added in FortiAuthenticator 5.3. Active Directory users password reset This feature adds the ability to reset an Active Directory user's password from the main login page. The work flow is the same as for resetting a local user's password. The Password Recovery Options setting is included in the remote LDAP users configuration page. This feature is available for both self-service and guest portals. REST API for security question This feature provides REST API access to the password recovery security question when adding/editing a user. This includes access to add/edit the password security recovery question when adding/editing a remote LDAP user. Enable Allow password recovery with security question and enter the password recovery question and answer string. PCI DSS 3.2 2FA The login flows for RADIUS authentication, SAML IdP, Guest Portals, and GUI Login are updated to meet PCI DSS 3.2 standards regarding multi-FortiAuthenticatortor authentication. For these new login flows to take effect, go to Authentication > User Account Policies > General and enable PCI DSS 3.2 two-factor authentication. FortiAuthenticator - Administration Guide 9 Fortinet Technologies Inc. What's new in FortiAuthenticator 5.3 Change log In the case where the Bypass FortiToken authentication when user is from a trusted subnet option is enabled (under Authentication > SAML IdP > Service Providers) and the user is logging in from a trusted subnet, the login flow reverts to password-only, regardless of the PCI mode. The GUI login page is hard-coded to Apply two-factor authentication if available (authenticate any user), so it will behave the same as the guest portal. All failed authentications will return the same generic message, so as to not reveal any clue to an attacker about which piece of information was valid or invalid: "Please enter correct credentials. Note that the password is case-sensitive." Remote login to the CLI (i.e., Telnet, SSH) also complies with the new PCI requirements. Guest portal exception There is one exception for guest portals. When a user has exceeded their time and/or data usage limit, the FortiAuthenticator shows the "Usage exceeded" replacement message. The best behavior would be to only show the replacement message if the credentials are valid. However, this would require a major change in the internal flow of the current authentication implementation, so instead, the FortiAuthenticator only requires that the account name be valid (not the credentials). The downside is that it opens the door for leaking valid account names. Nonetheless, it is deemed acceptable because: 1. Account name leakage prevention is not a PCI requirement (just a best practice). 2. Leaked account names are not usable because they are disabled (due to exceeded usage). 3. Disabled accounts can't be leveraged to brute-force credentials (in the hope of using them if an account gets re- enabled/usage extended). Guest portals: SmartConnect for Windows When the user clicks on the SmartConnect button from the post-login portal, the Platform dropdown now includes a Windows option. The SmartConnect for Windows feature provides an executable file that adds specific network settings to an end- user's Windows device. The SmartConnect profile settings are the same as the ones implemented for iOS and MacOS. The main difference is in how the downloaded executable file is built and packaged, so that it installs seamlessly on Windows devices. 10 FortiAuthenticator - Administration Guide Fortinet Technologies Inc. Change log What's new in FortiAuthenticator
Load more

Recommended publications
  • LDAP Authentication for IBM DS8000 Systems Updated for DS8000 Release 9.1
    Front cover LDAP Authentication for IBM DS8000 Systems Updated for DS8000 Release 9.1 Bjoern Wesselbaum Claudio Di Celio Bert Dufrasne Connie Riggins Robert Tondini Alex Warmuth Redpaper IBM Redbooks LDAP Authentication for IBM DS8000 Systems March 2021 REDP-5460-01 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. Second Edition (March 2021) This edition applies to IBM DS8900F storage systems that are available with IBM DS8000 Licensed Machine Code (LMC) 7.9.10 (bundle version 89.10.xx.x), referred to as Release 9.1 or later. © Copyright International Business Machines Corporation 2018, 2021. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix Authors. ix Now you can become a published author, too! . .x Comments welcome. .x Stay connected to IBM Redbooks . xi Chapter 1. IBM DS8000 user authentication. 1 1.1 Introduction to the DS8000 user authentication . 2 1.2 Storage Authentication Service by using CSM as an LDAP proxy . 2 1.3 Remote authentication by using the native implementation . 4 1.4 Benefits of using remote authentication for a DS8000 system . 5 1.5 Determining the remote authentication solution . 5 Chapter 2. Lightweight Directory Access Protocol for IBM DS8000 administrators . 7 2.1 Directory services and LDAP . 8 2.2 Basic LDAP and directory services terms explained. 9 2.2.1 Directory entry. 9 2.2.2 Groups . 10 Nested groups . 12 2.2.3 The directory structure .
    [Show full text]
  • Praise for Samba-3 by Example
    TitleandCR.fm Page i Thursday, March 4, 2004 11:55 AM Praise for Samba-3 by Example “John Terpstra has written what I think to be the definitive book on how to incorporate Samba into a heterogenous network. I like this book because, in a series of well defined "real-world" networking problem scenarios, it shows how Samba can help solve the problem, the steps for implementation, as well as the thinking behind the solution. Terpstra uses real-world networking examples to show how Samba could help solve networking problems. If you’re interested in using Samba in any way on your network, this is the book to have.” —Kent Dannehl, Engineer “This book does an excellent job at showing how Samba file and print serving solutions can grow with a company. These solutions are described in an way that is easy to understand and with enough examples that the book can be used as a reference.” —Michael MacIsaac, IBM Linux Technical Support “From a solutions perspective, Terpstra not only covers Samba-3, but he also primes you with examples of the critical tools and applications you will need for a complete solution. Whether it be small or large, a new network rollout or a migration, this book brings it all together with everything you need to start designing and strategizing your next implementation. If you just want to learn, you will be deploying Samba, DHCP, DNS, WINS, and LDAP before you know it. Well done!” —Ed Riddle, Business Technology Solutions Consultant “This book would make a great text or lab manual for an Information Technology course in network implementation and administration.
    [Show full text]
  • Certified Ethical Hacker Version 8 Study Guide
    ffirs.indd 2 22-07-2014 17:23:44 CEHv8 Certified Ethical Hacker Version 8 Study Guide ffirs.indd 1 22-07-2014 17:23:44 ffirs.indd 2 22-07-2014 17:23:44 CEHv8 Certified Ethical Hacker Version 8 Study Guide Sean-Philip Oriyano ffirs.indd 3 22-07-2014 17:23:44 Senior Acquisitions Editor: Jeff Kellum Development Editor: Richard Mateosian Technical Editors: Albert Whale and Robert Burke Production Editor: Dassi Zeidel Copy Editors: Liz Welch and Tiffany Taylor Editorial Manager: Pete Gaughan Vice President and Executive Group Publisher: Richard Swadley Associate Publisher: Chris Webb Media Project Manager I: Laura Moss-Hollister Media Associate Producer: Marilyn Hummel Media Quality Assurance: Doug Kuhn Book Designer: Judy Fung Proofreader: Sarah Kaikini, Word One New York Indexer: Ted Laux Project Coordinator, Cover: Patrick Redmond Cover Designer: Wiley Cover Image: ©Getty Images Inc./Jeremy Woodhouse Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-64767-7 ISBN: 978-1-118-76332-2 (ebk.) ISBN: 978-1-118-98928-9 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
    [Show full text]
  • Autor: Aicniel López Pérez. Tutor: M.Sc. Manuel Castro Artiles
    Departamento De Computación Título: Propuesta de servicios básicos de redes con software libre. Autor: Aicniel López Pérez. Tutor: M.Sc. Manuel Castro Artiles Curso 2017-2018 "Año 60 de la Revolución" Este documento es Propiedad Patrimonial de la Universidad Central “Marta Abreu” de Las Villas, y se encuentra depositado en los fondos de la Biblioteca Universitaria “Chiqui Gómez Lubian” subordinada a la Dirección de Información Científico Técnica de la mencionada casa de altos estudios. Se autoriza su utilización bajo la licencia siguiente: Atribución- No Comercial- Compartir Igual Para cualquier información contacte con: Dirección de Información Científico Técnica. Universidad Central “Marta Abreu” de Las Villas. Carretera a Camajuaní. Km 5½. Santa Clara. Villa Clara. Cuba. CP. 54 830 Teléfonos.: +53 01 42281503-1419 El que suscribe Aicniel López Pérez, hago constar que el trabajo titulado Propuesta de servicios básicos de redes con software libre. fue realizado en la Universidad Central “Marta Abreu” de Las Villas como parte de la culminación de los estudios de la especialidad de Licenciatura en Ciencia de la Computación, autorizando a que el mismo sea utilizado por la institución, para los fines que estime conveniente, tanto de forma parcial como total y que además no podrá ser presentado en eventos ni publicado sin la autorización de la Universidad. ______________________ Firma del Autor Los abajo firmantes, certificamos que el presente trabajo ha sido realizado según acuerdos de la dirección de nuestro centro y el mismo cumple con los requisitos que debe tener un trabajo de esta envergadura referido a la temática señalada. ____________________________ ___________________________ Firma del Tutor Firma del Jefe del Laboratorio PENSAMIENTO Hay hombres que luchan un día y son buenos.
    [Show full text]
  • TIBCO Enterprise Message Service™ User's Guide Software Release 8.5 May 2019 Document Updated: August 2020 2
    TIBCO Enterprise Message Service™ User's Guide Software Release 8.5 May 2019 Document Updated: August 2020 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO, the TIBCO logo, the TIBCO O logo, Two-Second Advantage, TIBCO Cloud Integration, TIBCO Flogo Apps, TIBCO Flogo, TIB, Information Bus, TIBCO Enterprise Message Service, Rendezvous, and TIBCO Rendezvous are either registered trademarks or trademarks of TIBCO Software Inc.
    [Show full text]
  • Cybersecurity Style Guide
    --- --- Bishop Fox Contact Information: +1 (480) 621-8967 [email protected] 8240 S. Kyrene Road Suite A-113 Tempe, AZ 85284 Contributing Technical Editors: Brianne Hughes, Erin Kozak, Lindsay Lelivelt, Catherine Lu, Amanda Owens, Sarah Owens We want to thank all of our Bishop Fox consultants, especially Dan Petro, for reviewing and improving the guide’s technical content. Bishop Fox™ 2018/06/27 2 TABLE OF CONTENTS Welcome! ................................................................................................................................. 4 Advice on Technical Formatting ........................................................................................................ 5 What to Expect in the Guide .............................................................................................................. 6 The Cybersecurity Style Guide .............................................................................................. 7 A-Z .......................................................................................................................................................... 7 Appendix A: Decision-making Notes .................................................................................. 96 How We Choose Our Terms ........................................................................................................... 96 How to Codify Your Own Terms ..................................................................................................... 97 How to Write Terms That Don’t Follow Your Style
    [Show full text]
  • IBM® Security Access Manager for Enterprise Single Sign-On: Configuration Guide About This Publication
    IBM® Security Access Manager for Enterprise Single Sign-On Version 8.2 Configuration Guide GC23-9692-01 IBM® Security Access Manager for Enterprise Single Sign-On Version 8.2 Configuration Guide GC23-9692-01 Note Before using this information and the product it supports, read the information in “Notices” on page 123. Edition notice Note: This edition applies to version 8.2 of IBM Security Access Manager for Enterprise Single Sign-On, (product number 5724–V67) and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright IBM Corporation 2002, 2012. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents About this publication ........v Changing the AccessAgent interface .....52 Intended audience ............v Disabling the ESSO GINA or ESSO Credential What this publication contains ........v Provider ..............52 Publications ..............vi Configuring the AccessAgent functionality features 53 IBM Security Access Manager for Enterprise Changing the Ctrl+Alt+Delete support in Single Sign-On library ..........vi Windows 7 .............53 Accessing terminology online .......viii Configuring the transparent screen lock settings 53 Accessing publications online .......viii Enabling single sign-on for Java applications . 55 Ordering publications .........viii Configuring AccessAgent to use EnWinNetUse 56 Accessibility ..............ix Enabling the Observer Help ........57 Tivoli technical training ..........ix Configuring event reporting in the Windows Tivoli user groups ............ix Event log ..............58 Support information ...........ix Configuring the system modal message box . 58 Conventions used in this publication ......ix Enabling emergency hot key for private desktops 58 Typeface conventions ..........x Configuring the AccessAgent accessibility features 59 Operating system-dependent variables and paths x Enabling animation effect for AccessAgent .
    [Show full text]
  • View of Oracle Secure Enterprise Search
    Oracle® Secure Enterprise Search Administrator's Guide 11g Release 2 (11.2.1) E17332-04 May 2011 Oracle Secure Enterprise Search Administrator's Guide, 11g Release 2 (11.2.1) E17332-04 Copyright © 2006, 2011, Oracle and/or its affiliates. All rights reserved. Primary Author: Donna Carver, Vishwanath Sreeraman, Kathy Rich, Michele Cyran Contributors: Shashi Anand, Sachin Bhatkar, Greg Brunet, Stefan Buchta, Yujie Cao, Thomas Chang, Mohammad Faisal, Roger Ford, Cindy Hsin, Marvin Huang, Diego Iglesias, Rahul Joshi, Sana Karam, Hiroshi Koide, Belinda Leung, Valarie Moore, Huyen Nguyen, Yiming Qi, Birinder Tiwana, Luke Wang, Steve Yang, Yan Zhao This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.
    [Show full text]
  • Megabyteact-GSA-2016.Pdf
    This document is made available through the declassification efforts and research of John Greenewald, Jr., creator of: The Black Vault The Black Vault is the largest online Freedom of Information Act (FOIA) document clearinghouse in the world. The research efforts here are responsible for the declassification of hundreds of thousands of pages released by the U.S. Government & Military. Discover the Truth at: http://www.theblackvault.com Office of Administrative Services Freedom of Information Act Office December 8, 2016 Mr. John Greenewald The Black Vault Dear Mr. Greenewald: This letter is in response to your U.S. General Services Administration Freedom of Information Act (FOIA) request, (GSA-2017-000141), submitted on November 7, 2016, in which you requested: “Records pertaining to a copy of records, electronic or otherwise, of the most recent inventory of software licenses at your agency.” Enclosed please find the records responsive to your request. You should find the following file named 20161101-Summary Report.csv. This completes our action on this request. Should you have any press-related questions, please contact Ashley Nash-Hahn, GSA Press Secretary, by email at [email protected]. You may also contact the GSA FOIA Public Liaison, Audrey Brooks, at (202) 205-5912 or by email at [email protected] for any additional assistance and to discuss any aspect of your FOIA request. Sincerely, Travis Lewis Program Manager Enclosure U.S General Services Administration 1800 F. Street, Northwest Washington, DC 20405 Telephone: (202) 501-0800
    [Show full text]
  • Samba-3 by Example
    Samba-3 by Example Practical Exercises in Successful Samba Deployment John H. Terpstra 25th April 2004 boo iii boo iv boo ABOUT THE COVER ARTWORK The cover artwork of this book continues a theme chosen for the book, The Official Samba-3 HOWTO and Reference Guide, the cover of which features a Confederate scene. Samba has had a major impact on the network deployment of Microsoft Windows desktop systems. The cover artwork of the two official Samba books tells of events that likewise had a major impact on the future. Samba-3 by Example Cover Artwork: King Alfred the Great (born 849, ruled 871-899) was one of the most amazing kings ever to rule England. He defended Anglo-Saxon England from Viking raids, formulated a code of laws, and fostered a rebirth of religious and scholarly activity. His reign exhibits military skill and innovation, sound governance and the ability to inspire men to plan for the future. Alfred liberated England at a time when all resistence seemed futile. Samba is a network interoperability solution that provides real choice for network admin- istrators. It is an adjunct to Microsoft Windows networks that provides interoperability of UNIX systems with Microsoft Windows desktop and server systems. You may use Samba to realize the freedom it provides for your network environment thanks to a dedicated team who work behind the scenes to give you a better choice. The efforts of these few dedicated developers continues to shape the future of the Windows interoperability landscape. Enjoy! v ACKNOWLEDGMENTS Samba-3 by Example would not have been written except as a result of feedback provided by reviewers of the book The Official Samba-3 HOWTO and Reference Guide.
    [Show full text]
  • Fortiauthenticator Administration Guide Contains the Following Sections
    FortiAuthenticator - Administration Guide Version 6.0.3 FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://fortiguard.com/ END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: [email protected] April 09, 2020 FortiAuthenticator 6.0.3 Administration Guide 23-603-583129-20200409 TABLE OF CONTENTS Change Log 8 What's new in FortiAuthenticator 9 FortiAuthenticator 6.0.3 9 SAML SP single logout enhancements for FSSO 9 SAML remote authentication enhancements 9 Low HA sync activity SNMP trap 9 Reject usernames containing uppercase letters 10 FortiAuthenticator 6.0.2 10 FortiAuthenticator 6.0.1 10 Support for FortiToken Cloud 10 Guest portals: Automatic login after registration 10 Client certificate for TLS authentication with remote LDAP servers 10 SAML IdP enhancements 10 Node-specific default gateway 11 More granular control for purging disabled user accounts 11 REST API enhancement: OAuth verify token returns username 11 FortiAuthenticator on Azure Marketplace 11 FortiAuthenticator 6.0.0 11 GUI update 11 SAML IdP proxy for cloud identity services 11 Improvements to remote LDAP user synchronization rules 12 OAuth server capability 12 Use FortiNAC as sources of SSO sessions 12 FSSO domain monitor
    [Show full text]
  • Integración De Redes Con Openldap, Samba, CUPS Y Pykota
    Integración de redes con OpenLDAP, Samba, CUPS y PyKota Sergio González González Instituto Politécnico de Bragança (http://www.ipb.pt/), Portugal [email protected] Integración de redes con OpenLDAP, Samba, CUPS y PyKota por Sergio González González Copyright © 2004 Sergio González González Trabajo realizado para la asignatura Gestão de Sistemas e Redes y ampliado para la asignatura Comunicações por Computador II, ambas pertenecientes a la carrera Ingeniería Informática impartida en la Escola Superior de Tecnologia e de Gestão de Bragança (http://www.estig.ipb.pt/) del Instituto Politécnico de Bragrança (http://www.ipb.pt/), Portugal. Este documento muestra los pasos necesarios para conseguir la integración de una red compuesta por equipos con sistemas operativos GNU/Linux (http://www.linux.org/) y MS Windows. Las herramientas empleadas para conseguir dicha integración han sido: OpenLDAP, Samba, CUPS y PyKota. Esta obra está bajo una licencia de Creative Commons (http://creativecommons.org/licenses/by-sa/2.0/es/) (Reconocimiento-CompartirIgual 2.0 España). Usted es libre de: • copiar, distribuir y comunicar públicamente la obra • hacer obras derivadas • hacer un uso comercial de esta obra Bajo las condiciones siguientes: • Reconocimiento. Debe reconocer y citar al autor original. • Compartir bajo la misma licencia. Si altera o transforma esta obra, o genera una obra derivada, sólo puede distribuir la obra generada bajo una licencia idéntica a ésta. • Al reutilizar o distribuir la obra, tiene que dejar bien claro los términos de la licencia de esta obra. • Alguna de estas condiciones puede no aplicarse si se obtiene el permiso del titular de los derechos de autor.
    [Show full text]