Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Kiwi Syslog Server > Kiwi Sys - Knowledgebase Articles > Active Directory Authentication settings for Kiwi Syslog Server Web Access

Active Directory Authentication settings for Kiwi Syslog Server Web Access

 

Updated August 23, 2018

Overview

The AD Authentication setting allows an administrator to configure the Active Directory Authentication for Kiwi Web Access (KWA). The AD user must use their Login ID as “domain\domain ID”. Kiwi Web Access will use the authentication through AD.

Environment

All Kiwi Syslog versions

Detail

Note: The machine you are accessing the Kiwi Web Server from needs to be joined to a domain before configuring the AD authentication settings.

Domain URL 

Enter the Active Directory LDAP URL. For example:

Authentication Type

This setting determines how the KWA Server is interacting with the Domain Server by using the Domain URL. If the field is empty, the application will treat it as Secure by default.

 

The available authentication types are:

Anonymous No authentication is performed.
Delegation Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.
Encryption Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit.
FastBind Specifies that ADSI will not attempt to query the Active Directory Domain Services objectClass property. Therefore, only the base interfaces that are supported by all ADSI objects will be exposed. Other interfaces that the object supports will not be available. A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. However, ADSI does not verify if any of the request objects actually exist on the server.
None Equates to zero, which means to use basic authentication (simple bind) in the LDAP provider.
ReadonlyServer For a WinNT provider, ADSI tries to connect to a domain controller. For Active Directory Domain Services, this flag indicates that a writable server is not required for a serverless binding.
Sealing Encrypts data using Kerberos. The Secure flag must also be set to use sealing.
Secure Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating.
SecureSocketsLayer Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory Domain Services requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.
ServerBind If your ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for server less paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.
Signing Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.

User Groups

An administrator can restrict access to Kiwi Web Access to specific domain user groups. Multiple user groups can also be provided here (separated by a ";"). For example:

  • User Groups: Group Admins;Group Users

 

Example Active Directory Settings

  • Domain (FQDN): server.domain.com
  • Authentication Type: <blank>, defaults to Secure
  • User Groups: Domain Admins

 

For more information about enabling SSL, see SSL for Kiwi Web Access.

 

Last modified

Tags

Classifications

Public