This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
You can connect your Smoothwall setup to your directory service and sync your directory groups. This allows you to verify or ‘authenticate’ the identity of a user who is trying to access your network, and to apply policies to manage the access of these users.
Add Directories
See guidance for each of the most common directory types (other types may be available depending on which Release you are on):
- Active Directory
- IDex Directory
- Local Users Directory
- Google Directory
- Azure Directory
- eDirectory, Apple/OpenLDAP Directory or a 389 Directory (Leeds and prior Releases)
- RADIUS Accounting directory (Leeds and prior Releases)
- Active Directory legacy method (Leeds and prior Releases)
Once the directory is created, you must map your Directory User Groups to the Smoothwall User Groups before you can authenticate users and apply Web Filter Policies.
Multiple directories
In On-Premise Appliance
When users and usernames exist within multiple directories, the first directory in order is always the one used for User Group membership. We recommend ordering them as follows:
- Some organisations set up both an IDex and Active Directory in Smoothwall for the same Active Directory server to ensure the latest changes are detected without having to wait for the overnight IDex sync. In these scenarios, we recommend putting your IDex Directory above your Active Directory.
- Apart from this, place the directory with the most users at the top of the list to reduce the number of queries.
To order directories:
- Select and drag each directory into place.
- Select Save moves.
In Cloud
When users and usernames exist within multiple directories, the last synced directory is the one used for User Group membership. Where possible, we recommend having the same names and memberships in both Google and Azure directories.
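The two precedence rules above decide which User Group, and therefore which Web Filter Policy, a duplicated username ends up with. The following is an added example, not Smoothwall code: it takes constructed directory exports, lists usernames whose group membership differs between directories, and shows which directory wins under each rule. The export structure, directory names, timestamps and case-insensitive username matching are assumptions.

```python
# Added example: which directory decides a user's groups when the same
# username exists in more than one directory. All data below is constructed.

def effective_groups(directories, mode):
    """Return {username: (winning_directory, groups)}.

    directories: list of dicts with 'name', 'last_sync' (ISO 8601 UTC string)
                 and 'users' ({username: set of groups}), in configured order.
    mode: 'on_premise' -> first directory in order wins;
          'cloud'      -> last synced directory wins.
    """
    if mode == "on_premise":
        ranked = list(directories)
    elif mode == "cloud":
        ranked = sorted(directories, key=lambda d: d["last_sync"], reverse=True)
    else:
        raise ValueError(f"unknown mode: {mode}")
    result = {}
    for d in ranked:
        for user, groups in d["users"].items():
            # Assumption: usernames are matched case-insensitively.
            result.setdefault(user.lower(), (d["name"], frozenset(groups)))
    return result

def conflicts(directories):
    """Usernames present in several directories with differing group sets."""
    seen = {}
    for d in directories:
        for user, groups in d["users"].items():
            seen.setdefault(user.lower(), {})[d["name"]] = frozenset(groups)
    return {u: m for u, m in seen.items() if len(set(m.values())) > 1}

# Constructed sample exports (not real users or sync times).
DIRECTORIES = [
    {"name": "Google", "last_sync": "2024-05-01T02:00:00Z",
     "users": {"a.khan": {"Staff"}, "j.smith": {"Students"}}},
    {"name": "Azure", "last_sync": "2024-05-01T03:30:00Z",
     "users": {"A.Khan": {"Staff"}, "j.smith": {"Staff"}, "t.lee": {"Students"}}},
]

if __name__ == "__main__":
    for user, by_dir in sorted(conflicts(DIRECTORIES).items()):
        print(f"{user}: { {k: sorted(v) for k, v in by_dir.items()} }")
        for mode in ("on_premise", "cloud"):
            winner, groups = effective_groups(DIRECTORIES, mode)[user]
            print(f"  {mode}: {winner} -> {sorted(groups)}")
```

Any username this reports is one whose applied policy depends on directory order or sync timing, so align its memberships in the source directories.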
Issues with directories
You can diagnose directory-level and network problems, such as an incorrect username for domain connect requests or insufficient privileges for domain join requests.
In On-Premise Appliance
- Go to Services > Authentication > Directories.
- In the Status column, check for a red cross or green tick.
- If there is a red cross, hover over the field and select Diagnose.
- Smoothwall will then complete a series of checks. You can use the notes to help diagnose and fix issues with your directory setup, or contact Smoothwall Support for help and provide these details.
In Cloud
Cloud shows only whether the directory sync succeeded or failed, so you need to check the setup within your directory.