Filter
Top Products
User Management
1106
SonicOS 5.8.1 Administrator Guide
• To use SonicWALL SSO with Linux/Mac users, the SonicWALL SSO Agent must be
configured to use NetAPI rather than WMI to get the user login information from the user's
machine.
• For Samba to receive and respond to the requests from the SonicWALL SSO Agent, it must
be set up as a member of the domain and the Samba server must be running and properly
configured to use domain authentication.
These and other configuration details are described in the following technote:
http://www.sonicwall.com/downloads/Using_SSO_with_Samba_TechNote.pdf
SonicWALL SSO is supported by Samba 3.5 or newer.
Note If multiple users log into a Linux PC, access to traffic from that PC is granted based on the
most recent login.
Using SSO on Mac and Linux Without Samba
Without Samba, Mac and Linux users can still get access, but will need to log in to the
SonicWALL appliance to do so. This can cause the following problems:
• Traffic from Mac or Linux systems might keep triggering SSO identification attempts unless
the user logs in. This could potentially be a performance overhead to the SSO system if
there are a large number of such systems, although the effect would be somewhat mitigated
by the “hold after failure” timeout.
• If per-user Content Filtering (CFS) policies are used without policy rules with user level
authentication, the default CFS policy will be applied to users of Mac and Linux systems
unless they manually log in first.
• If policy rules are set requiring user level authentication, Web browser connections from
users of Mac and Linux systems will be redirected to the login page after the SSO failure,
but the failure may initiate a timeout that would cause a delay for the user.
To avoid these problems, the Don't
invoke Single Sign On to Authenticate Users checkbox
is available when configuring Firewall access rules by clicking Add on the Firewall > Access
Rules page (with View Style set to All Rules). This checkbox is visible only when SonicWALL
SSO is enabled and when the Users Allowed field on the Add Rule page is not set to All. If
this checkbox is selected, SSO will not be attempted for traffic that matches the rule, and