Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/index.html?contextId=authentication-server-AD-add

Add an Active Directory server

To add an Active Directory server, do as follows:

  1. Go to Authentication > Servers and click Add.
  2. From the Server type list, select Active directory.
  3. Enter a name.
  4. Type an IP address and port.

  5. Specify the settings.

    Option Description
    NetBIOS domain NetBIOS domain for the server.
    ADS username Username for the admin user of the server.
    Password Password for the admin user of the server.
    Connection security

    Connection security for the server.

    Note: We recommend you use encryption.

    Select one of the following:

    • Plaintext: Send user credentials as unencrypted plain text.
    • SSL/TLS: Use Secure Sockets Layer/Transport Layer Security to encrypt the connection.
    • STARTTLS: Upgrade a non-encrypted connection by wrapping it with SSL/TLS after or during the connection process. Uses the default port.
    Validate server certificate

    Validates the certificate on the external server for a secured connection.

    Note: If you turn this option on, you must upload the AD server certificate to the firewall on Certificates > Certificates > Add > Upload certificate. If you don't upload it, the connection to the AD server fails.
    Display name attribute Name for the server shown to the user as the server username.
    Email address attribute Alias for the configured email address shown to the user.
    Domain name Domain name for which the query is to be added.
    Search queries Queries to run on the server. Click Add and create an LDAP query.

    Tip

    Any domain-joined user account can query, search, and read AD group membership. These rights are sufficient to import groups from the AD server.

  6. Click Test connection to validate the user credentials and check the connection to the server.

    Note

    When both synchronized user ID and STAS are configured, the authentication server uses the mechanism from which it receives the sign-in request first.

  7. Click Save.

  8. Go to Authentication > Services and select servers to use for service authentication.

More resources