Add Active Directory Server

Use the Add External Server page to configure Active Directory Server settings.

The Add External Server page lets you configure Active Directory, which in turn allows the device to map users and groups from ADS for authentication.

  1. Go to Device Configuration > Configure > Authentication > Authentication Server and click Add.
  2. On the Add External Server page, select Active Directory for Server Type. If a user is required to authenticate using ADS, the device needs to communicate with the ADS server for authentication.
  3. Enter Active Directory details.
    Server Name
    Enter a descriptive name for the Active Directory server.
    Server IP/Domain
    Enter an IP address or domain for the Active Directory server.
    Port
    Enter the port of the Active Directory server. By default, this is port 389.
    NetBIOS Domain
    Enter a NetBIOS domain for the Active Directory server.
    ADS Username
    Enter a username for the admin user of the Active Directory server.
    Password
    Enter a password for the admin user of the Active Directory server.
    Connection Security
    Select the type of security to apply to the connection. An encrypted connection sends the username and password to the external server in encrypted form instead of clear text. We strongly recommend using an encrypted method to protect user credentials.
    • Simple: User credentials will be sent unencrypted, that is, as clear text.
    • SSL: Secure Sockets Layer. This is the most common method used for secured connections. The Port will then change from 389 (LDAP) to 636 (ldaps = LDAP over SSL).
    • TLS:
    Validate Server Certificate
    (not with Simple connection security)
    Enable to validate the certificate on the external server.
    Display Name Attribute
    (optional)
    Enter the name for the AD server which is displayed as AD username.
    Email Address Attribute
    (optional)
    Enter the alias for the configured email address which is displayed to the user.
    Domain Name
    Specify the domain name for which the query is to be added.
    Search Queries
    Click Add to enter the search query. Use the Move Up and Move Down buttons to move the search queries in the list. Use Remove to remove the selected item.
    If you do not know the search DN, refer to NetBIOS name, FQDN and Search DN.
    Figure: Add External Server
  4. Click Test Connection to check the connectivity between the Active Directory server and the Sophos XG Firewall. It also validates the Active Directory server user credentials.
  5. Click Save.
The AD server is now available and appears in the Authentication Server list.
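
Before selecting SSL with Validate Server Certificate enabled, it helps to confirm from an admin workstation that the certificate the AD server presents on port 636 actually passes validation. The following is an added example, not Sophos code: it uses Python's standard ssl module, the host name ad.example.test is a placeholder, and the checks shown are Python's own chain and host name checks.

```python
import socket
import ssl
import sys


def check_ldaps_certificate(host, port=636, cafile=None, timeout=5.0):
    """Connect to the LDAPS port and validate the certificate the server presents.

    host should be the same value entered under Server IP/Domain.
    cafile is an optional PEM file with the issuing CA (typical for an internal AD CA).
    Returns a dict with ok, tls_version, subject, not_after and error.
    """
    # The default context verifies the certificate chain and checks that the
    # certificate matches the name (or IP address) we connected to.
    context = ssl.create_default_context(cafile=cafile)
    result = {"ok": False, "tls_version": None, "subject": None,
              "not_after": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result.update(
                    ok=True,
                    tls_version=tls.version(),
                    # subject is a tuple of RDNs; flatten it to {"commonName": ...}
                    subject=dict(rdn[0] for rdn in cert.get("subject", ())),
                    not_after=cert.get("notAfter"),
                )
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or name mismatch all land here.
        result["error"] = f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        # Port closed, host unreachable, timeout, or the port does not speak TLS.
        result["error"] = f"connection failed: {exc}"
    return result


if __name__ == "__main__":
    # Usage: python check_ldaps.py HOST [CA_PEM]; the default host is a placeholder.
    host = sys.argv[1] if len(sys.argv) > 1 else "ad.example.test"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    outcome = check_ldaps_certificate(host, cafile=cafile)
    print(outcome)
    sys.exit(0 if outcome["ok"] else 1)
```

A "certificate rejected" result means the certificate would need to be fixed, or its issuing CA supplied, before certificate validation can be expected to succeed; a "connection failed" result points at reachability of port 636 instead.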