Question

How do I configure Quin-C to use Active Directory authentication?

Notes:

  • Active Directory authentication can only be tied to one domain.  If your users are spread over multiple domains, you should not use Active Directory authentication.
  • Application-level, non-domain users will not be able to log in to Quin-C if Active Directory authentication is enabled.

 

Answer

1. Log in to Quin-C and open the Admin widget
https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009876026/original/mceclip0.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164437Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=f623cec3beb1612ea219e8cde688b4ffc8c592dcb6c6389c842ec1718ea40e4d

2. Open the System Administration tab, and then the System Values tab
https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009876027/original/mceclip1.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164437Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=0fb27bb2a75d118d36e1b34b5b2f48ac45f09d7c9a5817310a86135d34311970

3. Scroll down to the Active Directory Information section, and complete the values as defined below:

Server: Name or IP of the Domain Controller
Port: LDAP port (see typical options below)

389 = Standard LDAP/TLS Port on a non-global catalog server
636 = SSL Encrypted LDAPS on a non-global catalog server
3268 = Standard LDAP/TLS Port on a global catalog server
3269 = SSL Encrypted LDAPS on a global catalog server


Base DN: Distinguished Name of the base OU
UserDN: Distinguished Name of a user with Domain Read Object privileges
UseGC: Whether or not to use Global Catalog

https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/69009876028/original/mceclip2.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6FNSMY2XLZULJPI%2F20210926%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210926T164437Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=123068175be31b10d2d32908eaba8b67bf7c20031458d5b50ee2b71b5827e3af

4. Click Save

5.  Import at least one User from Active Directory via the Admin widget, and give them the Application Administrator Role
Note: Any existing non-domain users will not be able to log in to Quin-C beyond this point

6. On the Quin-C server, navigate to the Quin-C bin folder (typically "C:\Program Files\AccessData\Forensic Tools\\bin")

7. Open ADG.WeblabSelfHost.exe.config in a text editor

8. Under the appSettings section, find and edit the value of the UseAD key as defined below:



1: Integrated Windows Authentication (User-based authentication)
2: Integrated Windows Authentication (Group-based authentication, see this)
3: AD + Forms (User-based authentication)


9. Save your changes, and restart the AccessData Quin-C Self Host Service service


Note: If UseAD is set to 1 or 2, you should add ADGViewer.html to the end of the URL when navigating to Quin-C.