Format
Domains must be identified (added to this file) using the interface in the Content Gateway manager on the tab. Do not edit this configuration file.

Each line in auth_domains.config consists of a set of tags; each tag is followed by its value. For example:

type=<auth_method> name=<unique_name> use_alias=<0 or 1> <additional tags>

The set of tags varies depending on the selected authentication method. The following table lists all of the tags.
Tag | Allowed value |
---|---|
type | Specifies the authentication method: IWA, NTLM, LDAP |
name | Specifies a unique name for the domain. This is not the actual domain name, but rather a name that is unique to the proxy and rule-based authentication. |
use_alias | Specifies the user name sent to filtering service if authentication is successful. |
alias | Only active if use_alias=2. Specifies the static string to send as the user name for all successful authentications using this rule. |
The following table lists the additional tags used with IWA domains.
IWA Tag | Allowed Value |
---|---|
winauth_realm | Specifies the joined Windows domain to use with the rule. Content Gateway must be joined and active in that domain. |
The following table lists the additional tags used with NTLM domains.
NTLM Tag | Allowed Value |
---|---|
dc_list | Takes the IP address and port number of the primary domain controller (if no port is specified, Content Gateway uses port 139), followed by a comma-separated list of secondary domain controllers to be used for load balancing and failover. |
dc_load_balance (optional) | Specifies whether load balancing is used. Note: When multiple domain controllers are specified, even if load balancing is disabled, when the load on the primary domain controller reaches the maximum number of connections allowed, new requests are sent to a secondary domain controller as a short-term failover provision, until such time that the primary domain controller can accept new connections. |
The following table lists the additional tags used with LDAP domains.
LDAP Tag | Allowed Value |
---|---|
server_name | Specifies the fully qualified domain name of the LDAP server. |
server_port (optional) | Specifies the LDAP server port. The default is 389. To use the default Global Catalog server port, specify port 3268. If Secure LDAP is enabled, set the port to 636 or 3269 (the secure LDAP ports). |
base_dn (optional) | Specifies the LDAP base distinguished name. |
uid_filter (optional) | Specifies the type of service, if different from that configured on the LDAP tab. Enter sAMAccountName (MS AD) or userPrincipalName (MS AD) for Active Directory, or uid for any other service. |
bind_dn (optional) | Specifies the bind distinguished name. This must be a Full Distinguished Name of a user in the LDAP directory service. For example: CN=John Smith,CN=USERS,DC=MYCOMPANY, DC=COM |
bind_pwd (optional) | Specifies the password for the bind distinguished name. |
sec_bind | Specifies whether Content Gateway will use secure communication with the LDAP server. If enabled, set the LDAP port to 636 or 3269 (secure LDAP ports). |
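The following is an added example, not part of the Content Gateway product or its documentation: a small parser and consistency checker for auth_domains.config lines built from the tag tables above. It is useful for reviewing a file exported from a gateway, for instance to spot an LDAP rule whose bind_pwd travels over the non-secure port, or one where sec_bind is on but server_port is still 389. Assumptions beyond the page: a value runs up to the next known `tag=` token (so a bind_dn with spaces and commas needs no quoting), sec_bind=1 means enabled, and the sample lines are constructed.

```python
"""Parse and sanity-check Content Gateway auth_domains.config lines.

Added example, not Content Gateway code.  Assumption: each value extends
to the next recognised ``tag=`` token, so unquoted spaces and commas inside
a value (e.g. bind_dn) are preserved.
"""
import re

# Tags documented in the tag tables, grouped by the type= value they belong to.
COMMON_TAGS = {"type", "name", "use_alias", "alias"}
TYPE_TAGS = {
    "IWA": {"winauth_realm"},
    "NTLM": {"dc_list", "dc_load_balance"},
    "LDAP": {"server_name", "server_port", "base_dn", "uid_filter",
             "bind_dn", "bind_pwd", "sec_bind"},
}
ALL_TAGS = COMMON_TAGS.union(*TYPE_TAGS.values())
SECURE_LDAP_PORTS = {"636", "3269"}   # from the server_port / sec_bind rows

# A tag token must start the line or follow whitespace, so "alias=" does not
# match inside "use_alias=" and "DC=" inside a bind_dn is never a tag.
_TAG_RE = re.compile(r"(?<!\S)(" + "|".join(sorted(ALL_TAGS)) + r")=")


def parse_line(line):
    """Return {tag: value} for one auth_domains.config line."""
    matches = list(_TAG_RE.finditer(line))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        fields[m.group(1)] = line[m.end():end].strip()
    return fields


def check_domain(fields):
    """Return a list of findings (strings) for one parsed domain entry."""
    findings = []
    kind = fields.get("type")
    if kind not in TYPE_TAGS:
        return [f"unknown or missing type: {kind!r}"]
    if not fields.get("name"):
        findings.append("missing name")
    allowed = COMMON_TAGS | TYPE_TAGS[kind]
    for tag in fields:
        if tag not in allowed:
            findings.append(f"tag {tag} is not valid for type {kind}")
    # Per the tag table, alias is only honoured when use_alias=2.
    if "alias" in fields and fields.get("use_alias") != "2":
        findings.append("alias set but use_alias is not 2; alias is ignored")
    if kind == "IWA" and not fields.get("winauth_realm"):
        findings.append("IWA domain without winauth_realm")
    if kind == "NTLM" and not fields.get("dc_list"):
        findings.append("NTLM domain without dc_list")
    if kind == "LDAP":
        if not fields.get("server_name"):
            findings.append("LDAP domain without server_name")
        port = fields.get("server_port", "389")    # documented default
        secure = fields.get("sec_bind") == "1"     # assumption: 1 = enabled
        if secure and port not in SECURE_LDAP_PORTS:
            findings.append(f"sec_bind enabled but server_port={port} is not 636/3269")
        if not secure and "bind_pwd" in fields:
            findings.append(f"bind_pwd would be sent over non-secure LDAP (port {port})")
    return findings


# Constructed sample file: two clean rules and two LDAP rules with problems.
SAMPLE_CONFIG = """\
type=IWA name=corp_iwa use_alias=0 winauth_realm=CORP.EXAMPLE.COM
type=NTLM name=legacy_ntlm use_alias=0 dc_list=10.0.0.5:139,10.0.0.6 dc_load_balance=1
type=LDAP name=dir_ldap use_alias=2 alias=ldapuser server_name=ldap.example.com server_port=389 bind_dn=CN=John Smith,CN=USERS,DC=EXAMPLE,DC=COM bind_pwd=secret uid_filter=sAMAccountName
type=LDAP name=dir_sldap use_alias=0 server_name=ldap.example.com server_port=389 sec_bind=1 bind_dn=CN=svc,DC=EXAMPLE,DC=COM bind_pwd=secret
"""


def audit(text):
    """Parse every non-empty line and map domain name -> list of findings."""
    report = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        report[fields.get("name", "<unnamed>")] = check_domain(fields)
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, findings or ["ok"])
```

Run against a real export, `audit()` gives one finding list per rule name, which is easier to review than the raw lines; the tag set and port constants come straight from the tables, so extending the checker for a new tag means adding it to `TYPE_TAGS`.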