Authentication of Administrators

Top  Previous  Next

To connect to Dr.Web Server, administrator can authenticate by the following ways:

1.With storing administrative account information in the Server DB.

2.Via the Active Directory (for Servers under Windows OS).

3.Via the LDAP protocol.

4.Via the RADIUS protocol.

5.Via PAM (only for UNIX system-based OS).

Authentication methods are used sequentially according to the following rules:

1.The order of authentication methods usage depends on the order of their following in the settings, specified in the Control Center.

2.Authentication of administrator from the Server DB is always tried first.

3.By default, LDAP authentication is used by the second, via the Active Directory—the third, via the RADIUS—the fourth. Under UNIX system-based OS, the PAM is used the fifth.

4.Authentication methods via LDAP, Active Directory and RADIUS can be swapped in the Server settings, but authentication of administrator from the Server DB is always used first.

5.Authentication methods via LDAP, Active Directory and RADIUS are disabled by default.

To swap the usage of authentication methods

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, list of authentications types is represented in the order of use. To change this order, drag and drop authentication methods in the list and place them in the necessary order of use the authentication.

4.To apply changes, you must restart the Server.

Administrative login must be unique.

Administrators are not allowed to connect via external authentication systems if an administrator with the same login already exists on the Server.

 

After each saving of changes in the Authentication section, the backup copy of the previous version of the configuration file with administrators authentication parameters is saved automatically. Only 10 last copies are stored.

Files are placed in the same folder as the configuration file itself and named according to the following format:

<file_name>;<creation_time>

where <file_name> depends on authentication system: auth-ads.xml, auth-ldap.xml, auth-radius.xml, auth-pam.xml.

You can use created backup copies particularly to restore the configuration file if the Control Center interface is not available.