Windows Authentication question

asked on September 3, 2015 • Show version history

We're trying to set up windows authentication to work on one of our customers' DMZ, and the IT person asked the following question:

"I would like to set this up for you but I need to know where the authentication is coming from. Does the website talk to the server and then the server authenticates or is it the webserver trying to talk directly to AD? Do you know how it is communicating? Is it just Ldap or native AD?"

I know the clients authenticate through the Laserfiche Server, but I wasn't sure about the last part of the question. Any help from the Laserfiche team would be appreciated.

0 0

replied on September 3, 2015

For domain logins, Web Access uses impersonation to authenticate through AD, then it logs in to LFS using the impersonated user. Your domain password doesn't get sent to LFS. This is similar to how the desktop client handles logging in with a different domain account than the one you are logged into windows with.

0 0

replied on September 3, 2015

Thanks Robert. What about the second part? "Is it just LDAP or native AD?"

0 0

replied on September 3, 2015

If they are logging in with LDAP accounts, it will go through the LF server. For windows accounts, it uses AD to authenticate (either kerberos or NTLM).

0 0

replied on September 4, 2015

Question

Question

Replies

Sign in to reply to this post.