ADTRAN BlueSecure Controller Setup And Administration Manual page 117

Software release version: 6.5

Displaying the New NTLM server page
1. Click the User authentication tab in the BSC administrator console.
2. Select External NTLM Authentication from the Create drop-down list on the User authentication page.
The New NTLM server page appears as shown in Figure 6-4.
Enable server
The Enable checkbox is marked by default to make the server available for user
authentication.
Name
Enter a meaningful name for the external NTLM authentication server.
Precedence
Optional. If you are setting up multiple external NTLM authentication servers and need to
establish the order in which the BSC checks the servers for user authentication, select the
server's priority from the Precedence drop-down list.
Note that 1 means the server is checked first. The precedence you configure here does
not apply to Transparent NTLM Windows logins, Transparent 802.1x logins, or local
users in the BSC database, because these authentication schemes are always checked
first.
If you set a Precedence for a server that is the same as that set for a previously configured
server, the previous server's Precedence, and that of all servers having a lower
configured precedence, is incremented by 1. For example, if server A already has a
Precedence of 1 and server B's is 2 and you then set server C's to 1, server A's
Precedence becomes 2 and server B's becomes 3.
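The renumbering rule above, modelled as an added Python example (not code from ADTRAN or the BSC). The function names and the treatment of an edited server as remove-then-assign are assumptions; the always-first schemes are listed ahead of the external servers, and their order among themselves is not stated on the page.

```python
# Added illustration: models the Precedence rules described in the manual.
# Not BSC code; function and variable names are hypothetical.

# Schemes the manual says are always checked before any external server.
# Their order relative to each other is not stated on the page.
ALWAYS_FIRST = ("Transparent NTLM Windows login",
                "Transparent 802.1x login",
                "Local BSC user database")


def set_precedence(servers, name, precedence):
    """Return a new {name: precedence} map after assigning `precedence` to `name`.

    On a collision, the server already holding that value and every server
    with a lower precedence (a larger number) is incremented by 1.
    Assumption: re-assigning an existing server is remove-then-assign.
    """
    if precedence < 1:
        raise ValueError("precedence starts at 1 (1 is checked first)")
    others = {n: p for n, p in servers.items() if n != name}
    if precedence in others.values():
        others = {n: (p + 1 if p >= precedence else p)
                  for n, p in others.items()}
    others[name] = precedence
    return others


def check_order(servers):
    """Effective order in which authentication sources are consulted."""
    external = sorted(servers, key=lambda n: servers[n])
    return list(ALWAYS_FIRST) + external


def demo():
    # Constructed sample matching the manual's example: A=1, B=2, then C set to 1.
    servers = set_precedence({"A": 1, "B": 2}, "C", 1)
    return servers, check_order(servers)


if __name__ == "__main__":
    servers, order = demo()
    print(servers)
    for position, source in enumerate(order, start=1):
        print(position, source)
```

An external server with Precedence 1 is therefore still consulted only after the transparent and local schemes, which matters when auditing which source actually authenticated a user.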
NTLM Server Settings
1. Optional. Enter the Windows NT domain in which the Windows client has membership in the Domain Name field.
2. Enter the external NTLM authentication server's primary domain controller hostname in the Primary Domain Controller by Host Name field. Enter the hostname only; do not enter the host's fully qualified domain name.
3. Enter the external NTLM authentication server's secondary domain controller hostname in the Secondary Domain Controller by Host Name field. Enter the hostname only; do not enter the host's fully qualified domain name.
Accounting
To enable RADIUS accounting for this server, select the name of the external RADIUS
accounting server from the Accounting server drop-down list.
See "RADIUS Accounting" on page 7-1 to configure a new RADIUS accounting server for
selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you to
configure a new RADIUS accounting server. After you save the server information, you
are returned to the New RADIUS server page where you can select the RADIUS
accounting server from the drop-down list.
Mapping NTLM attributes to roles
1. Define the rules to determine if the user is authenticated. For each rule:
a) Enter the appropriate NTLM attribute in the Attribute field.
b) Select the appropriate Logic operator (equal to, not equal to, starts with, ends with, contains, or [is a role]) from the drop-down list.
c) Value - Enter the appropriate value to check against the specified attribute.
d) Select the Role to assign to the user if the rule evaluates as true and the user is authenticated from the drop-down list.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New... option to open a window that enables you to define a new role. After you save the role information, you are
BlueSecure™ Controller Setup and Administration Guide
NTLM Authentication
6-13
