Implement Single Sign On Authentication with Active Directory for English and Non-English Versions of Windows
Applicable Cyberoam Version: 10.01.0 Build 739 onwards
Applicable SSO Client Version: 1.0.1.0 onwards
 
Overview
 
This article describes how to implement client-based Single Sign On (SSO) authentication with Active Directory integration for English and Non-English versions of Windows. With client-based SSO, a user can log in to the organization network and to Cyberoam in a single attempt. This requires the client to be installed on the user’s computer.

Prerequisite
 
•   Before configuration, refer to the OS Compatibility Matrix under the ‘SSO’ section to check whether the client is compatible with the users’ systems.
 
•   Upgrade Existing Client: If you are upgrading an existing SSO Client below the mentioned “Applicable SSO Client Version”, move the existing SSO Configuration Directory titled “cyberoam” and the “cyberoam.bat” file (located at the NETLOGON directory) to an alternate backup folder.
 
     You can check the version of the existing client by following the steps given below.
      -    Go to NETLOGON > SSO folder.
      -    Right-click SSCyberoamSetup.exe and view Properties.
      -    Switch to the Details tab and check the version against Product Version.

Scenario

Implement Client-based Single Sign On (SSO) authentication with Active Directory integration. 

Configuration

You can configure client-based SSO authentication by following the steps given below.

Step 1: Configure Cyberoam to use Active Directory as Authentication Server. 
  
Refer to the article How To – Integrate with Active Directory for details. 

Step 2: SSO Implementation

You can implement Client-based SSO in ADS by following the steps given below. Configuration must be done by Administrator only.

Step 2.1: Log in to the Active Directory Server as administrator and download the Client installer (SSCyberoamAutoSetup.zip) onto the domain controller or any client machine that is a part of the domain and has administrative privileges. To download the installer, click here.

Step 2.2: Unzip SSCyberoamAutoSetup.zip into a newly created directory called SSOSetup. The following files are extracted:

-     SSCyberoamSetup.exe
-     SSCyberoamConfig.exe
-     SSCyberoamConfig.ini
-     CyberoamAdmin.exe
-     CyberoamRun.exe
-     cyberoam.txt
 
Step 2.3: Run CyberoamAdmin.exe to create the Admin.ini file, which stores the credentials of a user account that has installation rights on all the workstations. Specify the administrator's username, password, and the Windows domain name from where users will log on. This is required to install the SSO Client on user machines.

The Admin.ini file is passed as a parameter to CyberoamRun.exe to run the SSCyberoam setup, which installs the client on the user machine.
 
Note:
 
SSO Configuration must be done by Administrator user only.
 

Step 2.4: Set up your configuration in the SSCyberoamConfig.ini file using the following syntax:

Domain Name=XYZ (FQDN Domain name is the domain from where users will log on)
Server=aaa.bbb.ccc.ddd (IP address of Cyberoam interface which is connected to Active Directory)
Domain Controller=ADS

Step 2.5: Copy the following files to cyberoam directory under NETLOGON of domain controller:

SSCyberoamSetup.exe
SSCyberoamConfig.exe
SSCyberoamConfig.ini
Admin.ini
CyberoamRun.exe

The NETLOGON directory can be opened from Run by entering: \\<adsservername>\netlogon
where <adsservername> is the Active Directory domain controller's computer name.
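The staging done in Steps 2.4 and 2.5 can be checked before the logon script is rolled out. The PowerShell script below is an added example, not part of the original article or of Cyberoam's tooling; the -Dir parameter name is hypothetical, and the script assumes SSCyberoamConfig.ini contains plain key=value lines as shown in Step 2.4.

```powershell
# Added example: check the NETLOGON\cyberoam staging folder (Steps 2.4 and 2.5).
# -Dir is a hypothetical parameter; pass the folder's path on your domain controller.
param([Parameter(Mandatory = $true)][string]$Dir)

$problems = @()

# Files that Step 2.5 requires in the folder.
$required = 'SSCyberoamSetup.exe', 'SSCyberoamConfig.exe', 'SSCyberoamConfig.ini',
            'Admin.ini', 'CyberoamRun.exe'
foreach ($f in $required) {
    if (-not (Test-Path -LiteralPath (Join-Path $Dir $f) -PathType Leaf)) {
        $problems += "Missing file: $f"
    }
}

# Read the key=value lines of SSCyberoamConfig.ini (key names contain spaces).
$cfg = @{}
$ini = Join-Path $Dir 'SSCyberoamConfig.ini'
if (Test-Path -LiteralPath $ini) {
    foreach ($line in Get-Content -LiteralPath $ini) {
        if ($line -match '^\s*([^=]+?)\s*=\s*(.*?)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
}
foreach ($k in 'Domain Name', 'Server', 'Domain Controller') {
    if ([string]::IsNullOrWhiteSpace($cfg[$k])) { $problems += "$k is missing or empty" }
}

# Server must be a full dotted-quad address (TryParse alone accepts short forms).
$ip = $null
$server = $cfg['Server']
if ($server -and -not ($server -match '^\d{1,3}(\.\d{1,3}){3}$' -and
        [System.Net.IPAddress]::TryParse($server, [ref]$ip))) {
    $problems += "Server is not a valid IPv4 address: $server"
}
if ($cfg['Domain Controller'] -and $cfg['Domain Controller'] -ne 'ADS') {
    $problems += "Domain Controller should be ADS, found: $($cfg['Domain Controller'])"
}

# Admin.ini holds the installation account's credentials: list its NTFS
# permissions (share permissions are not included) so read access can be reviewed.
$admin = Join-Path $Dir 'Admin.ini'
if (Test-Path -LiteralPath $admin) {
    (Get-Acl -LiteralPath $admin).Access |
        Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize | Out-Host
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else { Write-Host 'Staging folder matches Steps 2.4 and 2.5.' }
```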
 

Step 2.6: Configure Logon Script

 

The Logon Script is executed every time a user logs on to his/her machine. By default, the Logon Script is located at the NETLOGON directory.

•   If a logon script already exists on your Domain Controller, update it by downloading and running the updatelogon script. Alternatively, you can manually append the Cyberoam updatelogon script to the existing Logon script using a Text Editor.

•   If there is no existing logon script, download and run the Cyberoam script on the Domain Controller.

 
Step 2.7: Verify if Cyberoam SSO Client has been installed onto user’s machine by:

-    Checking if Single Sign On Cyberoam Client folder has been created under Start > All Programs.
-    Checking the SSO version and Server IP address from HKEY_LOCAL_MACHINE/SOFTWARE/Cyberoam/SSO in the registry of the local machine.

The above configuration implements Client-based SSO in Active Directory Server.
 

Determine the NetBIOS Name, FQDN and Search DN

You can determine the NetBIOS Name, FQDN and Search DN by following the steps given below.

•    Log in to your ADS as a user with Administrative privileges.

•    Go to Start > Programs > Administrative Tools > Active Directory Users and Computers.

•    Right-click the required domain and go to the Properties tab.

•    Search DN is based on the FQDN. In the given example, the FQDN is cyberoam.com and the Search DN will be DC=cyberoam, DC=com


 








                                                                           Document Version: 3.6 – 29 September, 2014

Article ID: 1628