Format

Domains must be identified (added to this file) using the interface in the Content Gateway manager on the Configure > Security > Access Control > Domains tab. Do not edit this configuration file.

Each line in auth_domains.config consists of a set of tags; each tag is followed by its value. For example:

type=<auth_method> name=<unique_name> use_alias=<0 or 1> <additional tags> The set of tags varies depending on the selected authentication method.

The following table lists all of the tags.

Tag	Allowed value
type	Specifies the authentication method: IWA, NTLM, LDAP
name	Specifies a unique name for the domain. This is not the actual domain name, but rather a name that is unique to the proxy and rule-based authentication.
use_alias	Specifies the user name sent to filtering service if authentication is successful. 0 = send actual authenticated user name (default). 1 = send a blank username 2 = send the string specified in auth_name_string
alias	Only active if use_alias=2. Specifies the static string to send as the user name for all successful authentications using this rule.

The following table lists the additional tags used with IWA domains.

IWA Tag	Allowed Value
winauth_realm	Specifies the joined Windows domain to use with the rule. Content Gateway must be joined and active in that domain.

The following table lists the additional tags used with NTLM domains.

NTLM Tag	Allowed Value
dc_list	Takes the IP address and port number of the primary domain controller (if no port is specified, Content Gateway uses port 139), followed by a comma separated list of secondary domain controllers to be used for load balancing and failover.
dc_load_balance (optional)	Specifies whether load balancing is used: 0 = disabled 1 = enabled Note: When multiple domain controllers are specified, even if load balancing is disabled, when the load on the primary domain controller reaches the maximum number of connections allowed, new requests are sent to a secondary domain controller as a short-term failover provision, until such time that the primary domain controller can accept new connections.

NTLM Tag

Allowed Value

dc_list

Takes the IP address and port number of the primary domain controller (if no port is specified, Content Gateway uses port 139), followed by a comma separated list of secondary domain controllers to be used for load balancing and failover.

dc_load_balance (optional)

Specifies whether load balancing is used:

0 = disabled
1 = enabled

Note: When multiple domain controllers are specified, even if load balancing is disabled, when the load on the primary domain controller reaches the maximum number of connections allowed, new requests are sent to a secondary domain controller as a short-term failover provision, until such time that the primary domain controller can accept new connections.

The following table lists the additional tags used with LDAP domains.

LDAP Tag	Allowed Value
server_name	Specifies the fully qualified domain name of the LDAP server.
server_port (optional)	Specifies the LDAP server port. The default is 389. To use the default Global Catalog server port, specify port 3268. If Secure LDAP is enabled, set the port to 636 or 3269 (the secure LDAP ports).
base_dn (optional)	Specifies the LDAP base distinguished name.
uid_filter (optional)	Specifies the type of service, if different from that configured on the LDAP tab. Enter sAMAccountName (MS AD) or userPrincipalName (MS AD) for Active Directory, or uid for any other service.
bind_dn (optional)	Specifies the bind distinguished name. This must be a Full Distinguished Name of a user in the LDAP directory service. For example: CN=John Smith,CN=USERS,DC=MYCOMPANY, DC=COM
bind_pwd (optional)	Specifies the password for the bind distinguished name.
sec_bind	Specifies whether Content Gateway will use secure communication with the LDAP server. 0 = disabled 1 = enabled If enabled, set the LDAP port to 636 or 3269 (secure LDAP ports).