Show Contents / Index / Search

Domain Access Pane

Getting there

From the Domain Access pane, you specify a Windows domain account that can be used to query Windows Active Directory for user attributes and group membership. You may need to specify an account if you do any of the following:

  • Enable public key, certificate, SecurID, or RADIUS authentication for domain users without using password caching.
  • Control access to the server based on domain group membership.
  • Configure group-specific authentication settings based on domain group membership.

The specified credential is stored in the Reflection for Secure IT credential cache.

Whether you need this setting depends on your Active Directory configuration. When no account is specified from this pane (the default), the server queries Active Directory using the Local System account. If the Local System account doesn't have permission to read user attributes in Active Directory, the server attempts to use an anonymous logon to acquire Active Directory information. Anonymous logon is disabled by default starting with Windows Server 2003, and enabling it is not recommended. Under these conditions, the server is unable to acquire Active Directory information prior to user authentication; before you can use the features described above, you must specify a user account.

The options are:

Current Setting

Shows the currently configured domain access credential.

If this box is clear, the server queries Active Directory using the account the service is running under; the default is Local System.

Select credential

Opens the Select Credential dialog box, which you can use to select an existing user account from the credential cache, or a new user.

 

Clear

Clears the current setting. This restores the default behavior.

Related Topics

Cached Credentials