46 Troubleshooting authentication tasks

If the authentication fails, check and verify that the CN is the AD server's FQDN.

ATTENTION
You will also see a failure in the Event Viewer if the AD server is not configured correctly.

--End--

Troubleshooting NTLM authentication with Primary Domain Controller

NTLM is an authentication protocol used by Windows clients to authenticate towards Windows Domain Controllers.

NTLM is supported in Windows 2000 for users who need backward compatibility. The SSL VPN gateway authenticates users towards an NTLM Domain Controller natively, that is, additional software is not required on the Domain Controller.

User-to-group mapping is also supported using NTLM. The SSL VPN gateway queries the Domain Controller for the Windows groups a user belongs to and maps them to the SSL VPN gateway group or groups.

Troubleshooting NTLM authentication with Primary Domain Controller navigation
• “Creating the Windows group and add a user into that group” (page 46)
• “Adding users to the new group” (page 47)

Creating the Windows group and add a user into that group

To allow the SSL VPN gateway to map a Windows user to the test group in the SSL VPN group, you need to create a global Windows group with the same name.

Procedure steps

Step  Action
1     Start the Active Directory Users and Computers manager.
2     Click on the Create new group icon in the Active Directory Users and Computers screen.
      The New Object-Group form appears.
3     Specify the group name.

Nortel VPN Gateway
Troubleshooting Guide
NN46120-700 01.01 Standard
12 October 2007
Copyright © 2007 Nortel Networks.