Forum Discussion
rdsohf5_76190
Nimbostratus
NimbostratusSSRS via Firepass
Experts,
We have a .net reports page on our intranet site that uses the SSRS (SQL Reporting Services) web service to build a tree of reports and the Report Viewer control to display the sele...
Don_Ryles_52501Nimbostratus
NimbostratusRob,
Just looked through this again and noticed that there is a place in the FirePass admin config where you can specify an optional kerberos server. Looking at the admin documenetation doesn't really give any clues what's going on but I just mention it if your network guys haven't already explored that area. This is under Users : Groups : Master Groups, select the correct master group and go to the authentication tab.
It's just the optional wording in the Kerberos (and WINS) server entry which makes me wonder if it has been missed.
Here's the text from the help page associated with that page. Unfortunately there's no explanation for what's really going on....
To configure Active Directory authentication
-In the Domain name box, type the Windows domain name. You must provide the Fully Qualified Domain Name (FQDN) here. This is a required parameter.
-Check (enable) the Forest mode box to authenticate users against Active Directory using their user principal names (UPN).
Note: If you enable Forest Mode for the AD authentication method, then "domain name" must be in the FQDN format. For example: SALES.OLYMPUS.COM instead of SALES.
-In the Kerberos server name box, type the Kerberos server name or IP address. Kerberos server name is an optional parameter.
-In the WINS server IP address box, type the WINS server IP address. WINS server IP address is an optional parameter.
-Check the Require user logon in form DOMAIN\username only if there are FirePass 4100 controller users with otherwise-identical user names belonging to different Active Directory domains. When you enable this option, you must use the DOMAIN\username format when adding users to the FirePass 4100 database, and users must use their full DOMAIN\username when logging into the FirePass 4100 controller.
-In the User must belong to Domain group box, type the domain group to which the user must belong for authentication. You can also click the Select Domain group link to select a domain group from your Active Directory server. User must belong to Domain group is an optional parameter. When you select User must belong to Domain group, the option Check nested groups appears. Select this option to check for users in a series of nested groups. You may optionally select the option Group specified must match user's primary group to ensure that the domain group the user belongs to matches the user's primary group.
-In the Domain admin name, type a user name that has Active Directory administrative permissions.
-In the Domain admin password box, type the password associated with this user name.
Note: Permissions are necessary for admin account changes. Use Account Operator as the privilege setting necessary for Firepass to change an admin password. Account Operator is a built-in Windows group, so the user that is specified in the Domain admin name and Domain admin password fields must be added to this group.
Regards,
KevinS.