Supported Servers for Realms
You can configure realms to connect to the following types of servers, providing they have TCP/IP access from the Secure Firewall Management Center:
| Server Type | Supported for User Agent data retrieval? | Supported for ISE data retrieval? | Supported for captive portal data retrieval? | Supported for RA VPN data retrieval? |
|---|---|---|---|---|
| Microsoft Active Directory on Windows Server 2008 and Windows Server 2012 | Yes | Yes | Yes | Yes |
| OpenLDAP on Linux | No | No | Yes | Yes |

Note the following about your server group configurations:
- To perform user control on user groups or on users in groups, you must configure user groups on the LDAP or Active Directory server.
- Group names cannot start with S- because it is used internally by LDAP. Neither group names nor organizational unit names can contain special characters like asterisk (*), equals (=), or backslash (\); otherwise, users in those groups or organizational units are not downloaded and are not available for identity policies.
- To configure an Active Directory realm that includes or excludes users who are members of a sub-group on your server, note that Microsoft recommends that Active Directory has no more than 5000 users per group in Windows Server 2008 or 2012. For more information, see Active Directory Maximum Limits—Scalability on MSDN. If necessary, you can modify your Active Directory server configuration to increase this default limit and accommodate more users.
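The following pre-flight check is an added example, not part of the product or its documentation: it parses group distinguished names exported from the directory and reports the groups that the naming rules above would exclude or that exceed the 5000-user recommendation. It assumes the leaf RDN is the group name, that the rules apply to the decoded (unescaped) name, and that member counts are supplied by the caller; the page lists the special characters only as examples, so the set checked here may not be complete.

```python
import re

FORBIDDEN = set("*=\\")        # the characters the page names as examples
MAX_USERS_PER_GROUP = 5000     # per-group recommendation cited on the page

def unescape(value):
    """Decode RFC 4514 escapes: backslash + hex pair, or backslash + character."""
    def repl(match):
        tok = match.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode(), flags=re.S)
    return raw.decode("utf-8", "replace")

def split_dn(dn):
    """Split a DN on unescaped commas into (ATTR, decoded value) pairs."""
    pairs = (p.partition("=") for p in re.findall(r"(?:\\.|[^,\\])+", dn))
    return [(attr.strip().upper(), unescape(val)) for attr, _, val in pairs]

def check_group(dn, member_count):
    """Return the reasons a group may be skipped or is over the user limit."""
    rdns, problems = split_dn(dn), []
    group = rdns[0][1]         # assumption: the leaf RDN is the group name
    if group.startswith("S-"):
        problems.append("group name starts with S-")
    names = [group] + [val for attr, val in rdns[1:] if attr == "OU"]
    for name in names:
        bad = "".join(sorted(FORBIDDEN & set(name)))
        if bad:
            problems.append(f"{name!r} contains {bad}")
    if member_count > MAX_USERS_PER_GROUP:
        problems.append(f"{member_count} members exceeds {MAX_USERS_PER_GROUP}")
    return problems

if __name__ == "__main__":
    SAMPLE = [  # constructed sample input: (group DN, member count)
        ("CN=Engineering,OU=Groups,DC=example,DC=com", 1200),
        ("CN=S-Team,OU=Groups,DC=example,DC=com", 10),
        (r"CN=R\=D,OU=Groups,DC=example,DC=com", 10),       # escaped '='
        (r"CN=Ops,OU=A\2AB,DC=example,DC=com", 10),         # \2A is '*'
        (r"CN=Smith\, John,OU=Groups,DC=example,DC=com", 10),
        ("CN=AllStaff,OU=Groups,DC=example,DC=com", 7500),
    ]
    for dn, count in SAMPLE:
        print(dn, "->", check_group(dn, count) or "ok")
```
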