The Barracuda DC Client receives user authentication information from Barracuda DC Agents installed on Microsoft domain controllers.
Before you Begin
Before you configure MSAD DC Client authentication, you must install the Barracuda DC Agent on the Microsoft Active Directory server. For more information, see Barracuda DC Agent for User Authentication.
Configure the MSAD DC Client
Configure MSAD DC Client settings on the Barracuda NG Firewall:
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left menu, click MSAD DC Client.
- Click Lock.
- Set Activate Scheme to Yes.
- In the Server Setting table, add all Microsoft Active Directory servers running the Barracuda DC Agent.
- For each entry, specify the IP Address of the Active Directory server running the DC Agent.
- Enter the TCP Port of the Active Directory server running the DC Agent (default: port 5049).
- If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list.
- Click OK.
In the Group Filter Patterns table, you can add patterns to filter group information from the directory service.
Example:- Group Filter Pattern:
*SSL*
- User01:
CN=foo, OU=bar, DC=foo-bar, DC=foo
- User02:
CN=SSL VPN, DC=foo-bar, DC=foo
In this example, User01 does not have the
*SSL*
pattern in its group membership string and will not match in group-based limitations.- Group Filter Pattern:
Click Send Changes and Activate.