by Josh Kee
How to Configure AD User login Authentication in Enforce for Data Loss Prevention 15.x and above
DLP 15.0 and Above
The process for setting up AD User Authentication in DLP changed in version 15.0. Configuration now takes place both in the UI and through manual configuration of the springSecurityContext file.
In order to configure an LDAP AD Connection for Symantec DLP 15.0 and above, complete the following steps:
- Copy the springSecurityContext-KERBEROS.xml template from SymantecDLP\Protect\tomcat\webapps\ProtectManager\security\template
- Paste the copied springSecurityContext-KERBEROS.xml file into the SymantecDLP\Protect\tomcat\webapps\ProtectManager\WEB-INF folder.
- Rename the file to springSecurityContext.xml by removing the -KERBEROS from the file name, replacing the existing springSecurityContext.xml file.
- Since we are only configuring an Active Directory connection, we do not need to edit the contents of this file.
- Change to the SymantecDLP\Protect\config directory (SymantecDLP\Protect\config on Windows or /opt/SymantecDLP/Protect/config on Linux).
- Edit the krb5.ini file (krb5.conf on Linux), adding information about the Active Directory domain structure and server location(s). More than one location can be defined if needed, as seen in screenshot below. The [libdefaults] section identifies the default domain. (Kerberos realms correspond to Active Directory domains.) The [realms] section defines an Active Directory server for each domain. In the example below, the Active Directory server for ENG.COMPANY.COM is acmeADserver.company.com. More than one server can be added, as needed.
- Restart the DLP Services.
- Log in to the DLP Dashboard in the browser.
- Add an Active Directory Connection in the Symantec DLP dashboard under System > Settings > Directory Connections.
- Add User Roles (as needed) under System > Login Management > Roles.
- Add a user inside the DLP Dashboard under System > Login Management > DLP Users. (You must still define users in the Enforce Administration Dashboard before an AD user can successfully log in. The user names entered in the DLP Dashboard will be cross-checked with Active Directory usernames / passwords. You can switch to Active Directory authentication after you have already created user accounts in the system. Only those existing user names that match Active Directory user names remain valid after the switch.)
Linux
If you are running Symantec Data Loss Prevention on Linux, verify the Active Directory connection using the kinit utility. You must rename the krb5.ini file as krb5.conf. The kinit utility requires the file to be named krb5.conf on Linux. Symantec DLP assumes that you use kinit to verify the Active Directory connection, and directs you to rename the file as krb5.conf.
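A consistency check for the krb5.ini / krb5.conf file edited in the steps above, to run before restarting the DLP services. This is an added example, not part of the original article or of Symantec DLP: the functions parse_krb5 and check_krb5 are hypothetical helpers, and the sample file is constructed, using the article's ENG.COMPANY.COM realm and acmeADserver.company.com server plus a made-up second realm.

```python
# Constructed sample; the ENG realm and server are the article's, SALES is made up.
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = ENG.COMPANY.COM
[realms]
    ENG.COMPANY.COM = {
        kdc = acmeADserver.company.com
    }
    SALES.COMPANY.COM = {
        kdc = salesADserver.company.com
    }
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}) from krb5.ini-style text."""
    section, current, default_realm, realms = None, None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, current = line[1:-1].strip(), None
        elif line == "}":                        # end of a realm block
            current = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value == "{":
                current = realms.setdefault(key, [])
            elif section == "realms" and current is not None and key == "kdc":
                current.append(value)
    return default_realm, realms

def check_krb5(text):
    """List inconsistencies between [libdefaults] and [realms]."""
    default_realm, realms = parse_krb5(text)
    problems = []
    if default_realm is None:
        problems.append("no default_realm in [libdefaults]")
    elif default_realm not in realms:
        problems.append(f"default_realm {default_realm} has no [realms] entry")
    for name, kdcs in realms.items():
        if not kdcs:
            problems.append(f"realm {name} defines no kdc")
    return problems

if __name__ == "__main__":
    print(check_krb5(SAMPLE_KRB5) or "krb5 configuration is consistent")
```

An empty result only means the file is internally consistent; reaching the Active Directory server still has to be confirmed, for example with kinit on Linux as described above.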