Authentication of Administrators

To connect to Dr.Web Server, administrator can authenticate by the following ways:

With storing administrative account information in the Server DB.

Using the common LDAP/AD settings that allow to connect to LDAP and Active Directory servers.

Via the RADIUS protocol.

Via PAM (only for UNIX system-based OS).

At update of the Server from a previous version, also can be available the following authentication types (if they were enabled in previous version):

warning

After disabling these authentication types, their sections will be excluded from the Control Center settings.

At the first Server installation, these sections are not provided.

Via the Active Directory (for Servers under Windows OS).

Via the LDAP protocol.

Authentication methods are used sequentially according to the following rules:

1.Authentication of administrator from the Server DB is always tried first.

2.The order of usage of authentication methods via the external systems depends on the order of their following in the settings, specified in the Control Center.

3.Authentication methods via the external systems are disabled by default.

To swap the usage of authentication methods

1.Select Administration in the main menu of the Control Center.

2.Select Authentication in the control menu.

3.In the opened window, list of authentications types is represented in the order of use. To change this order, drag and drop authentication methods in the list and place them in the necessary order of use the authentication.

4.To apply changes, you must restart the Server.

warning

Administrative login must be unique.

Administrators are not allowed to connect via external authentication systems if an administrator with the same login already exists at the Server.

 

After each saving of changes in the Authentication section, the backup copy of the previous version of the configuration file with administrators authentication parameters is saved automatically. Only 10 last copies are stored.

Files are placed in the same folder as the configuration file itself and named according to the following format:

<file_name>_<creation_time>

where <file_name> depends on authentication system: auth-ads.conf, auth-ldap.conf, auth-radius.conf, auth-pam.conf.

You can use created backup copies particularly to restore the configuration file if the Control Center interface is not available.