Support
WebTitan technical support specialists can provide assistance when planning and
implementing your WebTitan deployment, and deciding on the correct authentication
options to ensure a smooth deployment. Through online documentation, telephone
help, and direct email support, WebTitan ensures that your questions will be answered
in the fastest time possible. Access support information at
http://helpdesk.webtitan.com/support/home
Revision History
Version: 1.0
Date: December 2014
Changes: Initial Revision
Contents
Introduction
IP based authentication
LDAP based authentication
NTLM based authentication
WebTitan Active Directory Agent (WADA)
  WADA Installation
  Next Steps
Introduction
WebTitan provides the option to define how users authenticate themselves to
WebTitan before accessing external web sites.
By default, authentication is disabled, which means that any user is accepted by the
WebTitan appliance without authentication. Should authentication be required, it can
be enabled via the System Settings > Authentication tab, which can be seen below. The
method of authentication can be selected from the 'Policy type' drop-down list.
WebTitan provides various methods of user authentication which are as follows.
IP based authentication
IP based authentication and NTLM based authentication are transparent to the user,
whereas LDAP based authentication will require the user to enter their LDAP
username/password credentials on commencing web site browsing. They will only be
asked once for this information.
IP based authentication
IP based authentication is only suitable where the users have static IP addresses. Also,
it is recommended that either LDAP or NTLM authentication is used where LDAP
servers are being used to maintain the users and groups within WebTitan. To facilitate
IP based authentication within WebTitan, the following must be done:
IP based authentication must be enabled via the System Settings > Authentication
tab.
Users must be assigned IP addresses via the Users & Groups > Users tab. An IP
address can be assigned at the time of user creation or by editing an existing user.
Figure 2 below shows that users can be assigned both a single IP address and an IP
address range.
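IP based authentication ties a user's identity to an address, so two users whose assigned addresses intersect cannot be told apart by address alone. The following added example (not WebTitan code) checks a planned assignment list for such overlaps before it is entered on the Users & Groups > Users tab; the `start-end` range notation and the sample users are assumptions.

```python
import ipaddress

# Constructed sample plan: user -> single IPs or "start-end" ranges.
# The "start-end" notation is an assumption of this example, not a WebTitan format.
ASSIGNMENTS = {
    "alice": ["192.168.1.10"],
    "bob": ["192.168.1.20-192.168.1.40"],
    "kiosk": ["192.168.1.35", "192.168.1.200-192.168.1.210"],
}


def parse_entry(entry):
    """Return (first, last) as integers for a single IP or a start-end range."""
    start, _, end = entry.partition("-")
    first = ipaddress.IPv4Address(start.strip())
    last = ipaddress.IPv4Address(end.strip()) if end else first
    if last < first:
        raise ValueError(f"range end precedes start: {entry}")
    return int(first), int(last)


def find_overlaps(assignments):
    """Return (user_a, entry_a, user_b, entry_b) for entries of different users that intersect."""
    spans = []
    for user, entries in assignments.items():
        for entry in entries:
            first, last = parse_entry(entry)
            spans.append((first, last, user, entry))
    spans.sort()  # ordered by first address, so the inner scan can stop early

    overlaps = []
    for i, (_, last_a, user_a, entry_a) in enumerate(spans):
        for first_b, _, user_b, entry_b in spans[i + 1:]:
            if first_b > last_a:
                break  # every later span starts even further right
            if user_a != user_b:
                overlaps.append((user_a, entry_a, user_b, entry_b))
    return overlaps


if __name__ == "__main__":
    for user_a, entry_a, user_b, entry_b in find_overlaps(ASSIGNMENTS):
        print(f"overlap: {user_a} ({entry_a}) and {user_b} ({entry_b})")
```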
IP authentication points
LDAP based authentication must be enabled via the System Settings >
Authentication tab.
There must be at least one LDAP server specified in the Users & Groups > Users
tab.
The users associated with the authenticating LDAP server must be imported into
WebTitan.
Please click here to see the 'QuickStart Guide to LDAP Setup' for details on how to connect to an
LDAP server within WebTitan and also how to import LDAP users.
If the web user enters an incorrect username or password, then they will receive the
following web page:
LDAP based authentication requires the end user to enter their LDAP
credentials
NTLM based authentication must be enabled via the System Settings >
Authentication tab.
Figure 6 below shows sample settings for an NTLM server. Verification of the settings
occurs automatically once the 'Save' button is clicked.
If your NTLM server does not authenticate successfully, the following error codes
returned by WebTitan could be of use.
Error Code
Explanation
-1
-2
-3
-4
-5
-6
Users who do not match any NTLM user account will automatically be
controlled by the 'Default' policy and will appear in reports as the
'GDefault' user.
LDAP
Event Logger
network sessions
The LDAP mechanism collects a list of computers in the domain and, based on the
lastLogon parameter, contacts each computer using the WMI protocol to check for
active logon sessions and eventually get the username. Not all computers are checked,
only those with a lastLogon field within the range defined in the configuration (1 year
by default).
The Event Logger mechanism listens to the event logger for special events that
contain information about the username and IP.
Additionally, network sessions are enumerated (by default every 10 seconds) to
discover active sessions. This method is especially important when there are users on
the network who don't turn off their computers for a very long time and for some
reason their computers are not reachable with WMI.
The results from all those methods are then merged into one list and transmitted to
WebTitan.
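The sketch below is an added illustration of the pipeline just described and is not WADA's code: it selects computers by lastLogon (a 100-nanosecond tick count from 1601-01-01 UTC) and merges the IP-to-user observations from the three mechanisms. The newest-observation-wins merge rule, the function names and all sample hosts, users and addresses are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Active Directory stores lastLogon as 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def to_filetime(moment):
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def from_filetime(ticks):
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def computers_to_probe(computers, now, window_days=365):
    """Names whose lastLogon falls inside the window (1 year by default, as in the guide)."""
    cutoff = now - timedelta(days=window_days)
    # lastLogon == 0 means no logon has been recorded by the queried domain controller.
    return sorted(name for name, ticks in computers.items()
                  if ticks and from_filetime(ticks) >= cutoff)


def merge_sessions(*sources):
    """Merge (ip, user, seen_at) tuples; the newest observation per IP wins (assumed rule)."""
    newest = {}
    for source in sources:
        for ip, user, seen_at in source:
            if ip not in newest or seen_at > newest[ip][1]:
                newest[ip] = (user, seen_at)
    return {ip: user for ip, (user, _) in sorted(newest.items())}


# Constructed sample data; every host, user and address below is invented.
NOW = datetime(2014, 12, 1, 12, 0, tzinfo=timezone.utc)
COMPUTERS = {
    "PC-ACCOUNTS": to_filetime(NOW - timedelta(days=3)),
    "PC-STORES": to_filetime(NOW - timedelta(days=400)),  # outside the 1-year window
    "PC-NEW": 0,                                          # never logged on
}
WMI = [("10.0.0.21", "jsmith", NOW - timedelta(minutes=30))]
EVENTS = [("10.0.0.21", "mbrown", NOW - timedelta(minutes=5)),
          ("10.0.0.34", "akhan", NOW - timedelta(minutes=9))]
NET_SESSIONS = [("10.0.0.50", "tlee", NOW - timedelta(seconds=10))]

if __name__ == "__main__":
    print(computers_to_probe(COMPUTERS, NOW))
    print(merge_sessions(WMI, EVENTS, NET_SESSIONS))
```

In the sample, 10.0.0.21 is reported by two mechanisms with different users; without some ordering rule the merged list would attribute that address's traffic to whichever source was read last.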
WADA Installation
Install on the Active Directory Server or on another server in the domain. The
installation is a straightforward process using the MSI WADA kit as below.
Enter the IP address of your WebTitan. NOTE: Specify the proxy port that WebTitan is
listening on for HTTP requests. Default: 8881.
Finally, enter your domain administration credentials for your Active Directory, e.g.
copperf\admin / password.
Next Steps
To implement transparent identification of users in transparent mode (Figure 11), you
must configure the WebTitan appliance to operate in transparent mode, and you must
have imported your users from Active Directory on the Users & Groups > Users page
(Figure 12).