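Last year I borrowed a SonicWall NSA 2400 from a vendor for testing. I was stuck on the LDAP settings for quite a while, and only got it working after following the procedure at <a href="https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060" target="new">https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=4060</a>.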

1. Set the first DNS Server IP to the LDAP server, that is, the host where Windows AD resides.
<a href="http://1.bp.blogspot.com/_ylGFGEtmd4w/Sdola1h1NMI/AAAAAAAAB5c/BWgcGFqy4yI/s1600-h/s0.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 249px;" src="http://1.bp.blogspot.com/_ylGFGEtmd4w/Sdola1h1NMI/AAAAAAAAB5c/BWgcGFqy4yI/s320/s0.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321607052667466946" /></a>

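2. Under "Users > Settings", change the Authentication method for login item from the default Local Users to LDAP + Local Users, so that users (mainly VPN users) are authenticated against both the local database and LDAP.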
<a href="http://1.bp.blogspot.com/_ylGFGEtmd4w/Sdolgt0iN6I/AAAAAAAAB5k/bTWs8h2oXSE/s1600-h/s1.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 249px;" src="http://1.bp.blogspot.com/_ylGFGEtmd4w/Sdolgt0iN6I/AAAAAAAAB5k/bTWs8h2oXSE/s320/s1.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321607153677645730" /></a>

3. Set the LDAP server's IP address, and enter the account name and password of a domain administrator.
<a href="http://2.bp.blogspot.com/_ylGFGEtmd4w/Sdolqxd-ifI/AAAAAAAAB5s/5j5krkAwTLo/s1600-h/s2.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://2.bp.blogspot.com/_ylGFGEtmd4w/Sdolqxd-ifI/AAAAAAAAB5s/5j5krkAwTLo/s320/s2.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321607326455466482" /></a>

4. The default LDAP server type is already the one we want, Microsoft Active Directory, so leave it unchanged.
<a href="http://1.bp.blogspot.com/_ylGFGEtmd4w/Sdol-VALyoI/AAAAAAAAB50/U1cMToBFTRc/s1600-h/s3.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://1.bp.blogspot.com/_ylGFGEtmd4w/Sdol-VALyoI/AAAAAAAAB50/U1cMToBFTRc/s320/s3.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321607662411696770" /></a>

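5. Enter the AD domain's full FQDN in the Primary domain field, then click User tree for login to server to apply the change, and finally click the Auto-configure button at the lower right to import the available data from the AD forest (as in Figure 6). The result is the screen shown in Figure 5.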
<a href="http://2.bp.blogspot.com/_ylGFGEtmd4w/SdomP3dm2aI/AAAAAAAAB58/go8acD82JXs/s1600-h/s4.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://2.bp.blogspot.com/_ylGFGEtmd4w/SdomP3dm2aI/AAAAAAAAB58/go8acD82JXs/s320/s4.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321607963719686562" /></a>

6. Figures 7 to 9 all show default values; leave them unchanged.
<a href="http://3.bp.blogspot.com/_ylGFGEtmd4w/SdomY2pLhrI/AAAAAAAAB6E/m1Lg5LNeyiM/s1600-h/s5.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 237px;" src="http://3.bp.blogspot.com/_ylGFGEtmd4w/SdomY2pLhrI/AAAAAAAAB6E/m1Lg5LNeyiM/s320/s5.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321608118118614706" /></a>

7.
<a href="http://1.bp.blogspot.com/_ylGFGEtmd4w/SdomibrHg1I/AAAAAAAAB6M/LyITCk4Kgoo/s1600-h/s6.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://1.bp.blogspot.com/_ylGFGEtmd4w/SdomibrHg1I/AAAAAAAAB6M/LyITCk4Kgoo/s320/s6.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321608282677674834" /></a>

8.
<a href="http://4.bp.blogspot.com/_ylGFGEtmd4w/Sdomp1kEHCI/AAAAAAAAB6U/fVeKL-RnvRE/s1600-h/s7.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://4.bp.blogspot.com/_ylGFGEtmd4w/Sdomp1kEHCI/AAAAAAAAB6U/fVeKL-RnvRE/s320/s7.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321608409886497826" /></a>

9.
<a href="http://1.bp.blogspot.com/_ylGFGEtmd4w/SdomyCWweMI/AAAAAAAAB6c/72hJgvGZC1I/s1600-h/s8.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://1.bp.blogspot.com/_ylGFGEtmd4w/SdomyCWweMI/AAAAAAAAB6c/72hJgvGZC1I/s320/s8.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321608550759299266" /></a>

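10. Test whether the connection settings are correct: enter the account name and password of a domain user and click the Test button. If a screen similar to the one in the figure appears, the connection succeeded ^^.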
<a href="http://4.bp.blogspot.com/_ylGFGEtmd4w/Sdom4ayKApI/AAAAAAAAB6k/8KHwcDDvPDI/s1600-h/s9.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 309px; height: 320px;" src="http://4.bp.blogspot.com/_ylGFGEtmd4w/Sdom4ayKApI/AAAAAAAAB6k/8KHwcDDvPDI/s320/s9.jpg" border="0" alt=""id="BLOGGER_PHOTO_ID_5321608660395885202" /></a>
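
The values entered in steps 1, 3, 5 and 10 can be checked from a Linux host when the firewall's own test fails. The script below is an added example, not part of the original post or of SonicWall's tooling; it assumes `dig` and OpenLDAP's `ldapsearch` are installed, its function names are hypothetical, and the domain, server and account names are whatever you pass in.

```shell
#!/bin/sh
# Added example (hypothetical helper names): reproduce the checks behind
# steps 1, 3, 5 and 10 from a Linux host. No values here come from the post.

# Step 5: "Primary domain" FQDN -> LDAP base DN
# e.g. corp.example.com -> DC=corp,DC=example,DC=com
fqdn_to_base_dn() {
    printf '%s\n' "$1" | sed -e 's/\.$//' -e 's/^/DC=/' -e 's/\./,DC=/g'
}

# Step 1: the DNS SRV record AD clients use to locate domain controllers
dc_srv_name() {
    printf '_ldap._tcp.dc._msdcs.%s\n' "${1%.}"
}

# Escape a login name for an LDAP filter (RFC 4515) so that \ * ( )
# are matched literally instead of being parsed as filter syntax.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Step 10: filter that looks up one AD user by logon name
user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))\n' "$(ldap_escape "$1")"
}

# Usage: preflight DOMAIN_FQDN LDAP_SERVER_IP BIND_USER TEST_USER
preflight() {
    domain=$1 server=$2 bind_user=$3 test_user=$4
    # Ask the DNS server from step 1 whether it knows the domain's DCs
    dig +short @"$server" "$(dc_srv_name "$domain")" SRV | grep -q . \
        || { echo "DNS: no DC SRV records for $domain via $server" >&2; return 1; }
    # -W prompts for the bind password so it never appears in the process list.
    # Plain ldap:// sends it unencrypted; add -ZZ to require StartTLS
    # if the domain controller has a certificate.
    ldapsearch -x -H "ldap://$server" -D "$bind_user@$domain" -W \
        -b "$(fqdn_to_base_dn "$domain")" "$(user_filter "$test_user")" dn memberOf
}
```

If `preflight` returns the test user's `dn`, the DNS, bind account and base DN are sound, and any remaining failure lies in the firewall-side settings.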


    Posted by md11boing on PIXNET