• Apply the system policy only after activating the LDAP object.
• Ensure that the user for authentication is created using the external authentication method.
• If the MSAD Certification authentication fails, do the following.
  Ensure that the MSAD certificate is in the following format.

    [Base-64 encoded data from pem file you exported on your Active-Directory CA machine]
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    [Base-64 encoded data from pem file that contains the certificate from the AD mail server]
    -----END CERTIFICATE-----

• Do the following steps if there is a certificate for SSL/TLS.
  — Ensure that the hostname of the LDAP server is used in the Server IP address field instead of its IP address.
  — Enter the hostname as the common name in the certificate.
• Obtain the SSL certificate.
• Do the following to interact with the user interface when LDAP fails.
  — Edit the following file on the appliance:
      /etc/sf/ims.conf
  — Add the following to the end of the file:
      LDAP_INFO = 1
  — Retry the connection from the Authentication Object page.
  — Expand the check box that appears at the bottom of the page to view the errors in greater detail.

RUA

• Obtain the RUA licence. It is mandatory.
• Create the RUA Detection Engine, since RUA requires it.

Configuring Snort through the User Interface

Use this procedure to make the Snort configuration editable by the user via the user interface (user.conf). To support the dynamic features of Snort outside of the core product releases, you can provide the raw Snort configuration via user.conf.

Nortel TPS 4.7
Threat Protection System Troubleshooting Guide
NN47240-700 01.01 Standard
11 2007
Copyright © 2007 Nortel Networks.
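The MSAD certificate format above is two PEM blocks pasted one after the other, and that kind of file is easy to damage when it is assembled by hand. The following checker is an added example, not part of the Nortel guide: check_pem_bundle, check_body and fake_block are hypothetical names, the sample blocks are constructed placeholders rather than real certificates, and it assumes standard PEM framing (each block opened by a BEGIN marker) with exactly two certificates in the file.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_body(lines, n):
    try:
        der = base64.b64decode("".join(lines), validate=True)
    except ValueError:
        return [f"line {n}: block body is not valid Base-64"]
    if der.startswith(b"\x30"):
        return []
    return [f"line {n}: block is not DER (first byte is not 0x30)"]

def check_pem_bundle(text, expected=2):
    """Return a list of problems in a concatenated PEM bundle (empty list = OK)."""
    problems, body, count = [], None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.count("-----") > 2:
            problems.append(f"line {n}: two markers on one line (files joined without a newline)")
            body = []
        elif line == BEGIN:
            if body is not None:
                problems.append(f"line {n}: BEGIN before the previous END")
            body = []
        elif line == END:
            if body is None:
                problems.append(f"line {n}: END without a matching BEGIN")
            else:
                problems += check_body(body, n)
                count += 1
            body = None
        elif body is not None:
            body.append(line)
        elif line:
            problems.append(f"line {n}: data without a preceding BEGIN marker")
            body = [line]
    if body is not None:
        problems.append("bundle ends before the last END marker")
    if count != expected:
        problems.append(f"{count} complete certificate(s), expected {expected}")
    return problems

def fake_block(seed):
    # Constructed stand-in: a DER SEQUENCE header plus filler, not a real certificate.
    body = base64.b64encode(b"\x30\x82\x01\x00" + bytes([seed]) * 44).decode()
    return f"{BEGIN}\n{body}\n{END}"

GOOD = fake_block(1) + "\n" + fake_block(2) + "\n"   # CA certificate, then server certificate
FUSED = fake_block(1) + fake_block(2) + "\n"         # joined without a newline in between
```

An empty list only means the file is framed correctly; whether the hostname matches the certificate's common name still has to be checked against the certificate itself.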