Client Configuration
BlueZone provides built-in support for Windows Domain Authentication. To enable this feature, BlueZone must be used with the BlueZone Security Server and have Secure Sockets Layer enabled. No additional configuration is necessary in the BlueZone client. When the BlueZone client connects to a Security Server port secured using Windows Domain Authentication, the End User is presented with a standard Windows domain login dialog. The End User enters their user ID and password. This is sent to the Security Server, which in turn authenticates to the Windows Domain. If authenticated, the user is passed through to the host session. If the authentication fails, the connection is closed by the Security Server.
To accomplish this, the Windows Server that is hosting the Security Server, must be configured properly. There are two authentication scenarios that affect how the server is configured.
In this scenario, the Windows Server may be installed as a stand-alone server or as a domain controller. In most instances, the server will be stand-alone. To run the Security Server, a user must be logged onto the system. The End User logged onto the system must have “Act as Part of the Operating System” rights, set in the Windows Server User Manager. Users to be authenticated are added to the server in the User Manager.
In this application, the Windows server must be installed as a Backup Domain Controller. This is required for the Security Server to access the security database to authenticate the incoming users. To run the Security Server, an End User must be logged onto the system. The user logged onto the system must have “Act as Part of the Operating System” rights, set in the Windows Server User Manager. Users are authenticated to the Windows Domain for which the Windows Server is a backup.
Related Topics:
BlueZone Emulator Configuration