ADTRAN BlueSecure Controller Setup And Administration Manual page 120

Software release version: 6.5

Chapter 6: Authentication Using External Servers
4. NTLM username to ignore (Optional): Enter any generic, client-supplied NTLM login
ID that should be ignored in the field.
Some clients send additional credentials after authenticating via NTLM. For example,
SMS clients will authenticate to another network device using a generic username
having the prefix SMSClient_. To avoid seeing this generic, client-supplied name in
the BSC Active Connections screen instead of the client's normal username, use this
field to specify the text to ignore if your clients send an additional login this way. By
default, the BSC addresses this problem for SMS clients and no entry is needed.
Accounting
To enable RADIUS accounting for this server, select the name of the external RADIUS
accounting server from the Accounting server drop-down list.
See "RADIUS Accounting" on page 7-1 to configure a new RADIUS accounting server for
selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you to
configure a new RADIUS accounting server. After you save the server information, you
are returned to the New RADIUS server page where you can select the RADIUS
accounting server from the drop-down list.
Mapping Transparent NTLM Windows attributes to roles
1. Define the rules to determine if the user is authenticated. For each rule:
a) Enter the appropriate Transparent NTLM Windows attribute in the Attribute field.
b) Select the appropriate logic operator (equal to, not equal to, starts with, ends
with, contains, or [is a role]) from the Logic drop-down list.
c) Enter the appropriate Value to check against the specified attribute.
d) From the Role drop-down list, select the role to assign to the user if the rule
evaluates as true and the user is authenticated.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to
define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New... option to open a window that
enables you to define a new role. After you save the role information, you are
returned to the New Transparent NTLM Windows server page where you can
select the role from the drop-down list.
2. Optional. Use the commands included in the Row Management drop-down list to
change the order of rules, add new blank rules, clear rule data, or delete a rule, etc.
Remember, the BSC evaluates rules in the order in which they are listed here on the
New Transparent NTLM Windows server page.
3. Select the default user role from the Default role drop-down list. The selected default
role is the role the BSC assigns the user if none of the rules is true.
Alternatively, select an LDAP/Active Directory authentication server from the Using
LDAP/Active Directory Server drop-down list to resume rules checking using the rules
configured for the selected LDAP/Active Directory authentication server.
Location
Optional. Specify the user location from which the transparent NTLM authentication
request must originate by selecting a defined user location from the Location drop-down
menu. If a user location is specified, the authentication request will not be attempted if the
request does not come from that location.
Notes
Optional. Enter a meaningful description for the external Transparent NTLM
authentication server in the Notes field.
Saving the settings
Click Save to store the information to the BSC database or Save and create another to
continue to define external Transparent NTLM Windows authentication servers. You may
be prompted to restart the BSC. We recommend that you do not restart the BSC until you
have completely finished configuring the BSC for use in your network.
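The ordered attribute-to-role rule evaluation described under Mapping, modelled as an added example (not ADTRAN code and not part of the manual): it shows how rule order changes the assigned role and reports rules that never decide a role for a set of sample users. Attribute names, values and role names are constructed; the [is a role] operator is omitted because the page does not describe it, and case-sensitive matching is an assumption.

```python
# Operators named on the page; "[is a role]" is left out because the page
# does not describe its semantics. Case-sensitive matching is an assumption.
OPS = {
    "equal to": lambda a, v: a == v,
    "not equal to": lambda a, v: a != v,
    "starts with": lambda a, v: a.startswith(v),
    "ends with": lambda a, v: a.endswith(v),
    "contains": lambda a, v: v in a,
}

def assign_role(rules, default_role, attrs):
    """Return (role, index of the deciding rule or None), first match wins."""
    for i, (attribute, logic, value, role) in enumerate(rules):
        # Assumption: a rule on an attribute the user lacks evaluates as false.
        if attribute in attrs and OPS[logic](attrs[attribute], value):
            return role, i
    # No rule was true: fall back to the default role.
    return default_role, None

def unreached_rules(rules, default_role, users):
    """Indexes of rules that never decide a role for any sample user."""
    hit = {assign_role(rules, default_role, u)[1] for u in users}
    return [i for i in range(len(rules)) if i not in hit]

# Constructed sample data: attribute names, values and roles are hypothetical.
USERS = [
    {"username": "adm-jlee", "domain": "CORP"},
    {"username": "jsmith", "domain": "CORP"},
    {"username": "visitor7", "domain": "LAB"},
]
# The broad rule listed first shadows the more specific admin rule.
BROAD_FIRST = [
    ("domain", "equal to", "CORP", "Staff"),
    ("username", "starts with", "adm-", "NetAdmin"),
]
# Same rules with the specific rule moved up.
SPECIFIC_FIRST = [BROAD_FIRST[1], BROAD_FIRST[0]]

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST),
                        ("specific first", SPECIFIC_FIRST)):
        roles = [assign_role(rules, "Guest", u)[0] for u in USERS]
        print(name, roles, "unreached:", unreached_rules(rules, "Guest", USERS))
```

Running a rule list against representative accounts before saving it shows whether a broad rule near the top is keeping a more specific rule from ever assigning its role.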
