Bambang Irianto Wijaya said the following on 01/07/08 10:33 +07:00:
A small addition: the DNS Server and DNS Client services must have their
mode changed to manual or disabled; if they are only stopped, KWF
will detect that those services are (still potentially) active.
It looks like this cannot be implemented at my site because that KWF is not
a member of the DOMAIN.
Domain mapping requirements
----------------------------------------------------------------------
The following conditions must be met to enable smooth functionality of
user authentication through Active Directory domains:
For mapping of one domain:
The WinRoute host must be a member of the corresponding Active
Directory domain.
The Active Directory domain controller (server) must be set as the
primary DNS server.
If the DNS server itself is set in the operating system, the domain
controller of the Active Directory must be the first item in the DNS
servers list in the DNS Forwarder configuration (for details, refer to
chapter DNS Forwarder).
Note the word "smooth": with the KWF server as a domain member, the
authentication process becomes fast.
In my opinion the KWF server does not necessarily have to be a domain member,
as long as the services required by Active Directory (MS DNS, LDAP, Kerberos,
etc.) are allowed; however, this will take longer at authentication time
(tunneling), so the idle timeout on the VPN client should probably
be lengthened.
But there is something interesting in this statement:
---------------------------------------------------------------------
Internal user database with authentication within the domain
User accounts are stored in WinRoute. However, users are authenticated
at Windows NT or Active Directory domain (i.e. password is not stored
in the user account in WinRoute). Obviously, usernames in WinRoute
must match with the usernames in the domain.
This method is not so demanding as far as the administration is
concerned. When, for example, a user wants to change the password, it
can be simply done at the domain and the change will be automatically
applied to the account in WinRoute. In addition to this, it is not
necessary to create user accounts in WinRoute by hand, as they can be
imported from a corresponding domain.
For me it is no problem to create new IDs in WinRoute as long as the passwords
are taken from Active Directory. But after I tried it and opened the web page,
I still could not log in; entering an ID from the local database works
fine.
Was the WinRoute database imported from Active Directory or created
manually?
Does that requirement still need KWF to be a member of the domain?
It shouldn't.
--
syafril
-------
Syafril Hermansyah
--
Kerio WinRoute discussion mailing list
Latest version: 6.4.2