Installation manual

Configuring a Namespace
Configuring Windows Authentication (CIFS)
7-16 CLI Storage-Management Guide
Identifying the NTLM Authentication Server
NTLM authentication also requires a mechanism for authenticating Windows clients
at the namespace’s back-end filers. Kerberos-only sites do not require any NTLM
configuration, though you can configure a namespace that supports both
authentication protocols.
An NTLM-authentication server is a Windows Domain Controller (DC) that is the
host for an Acopia Secure Agent (ASA). The namespace software uses the
NTLM-authentication server to authenticate its clients. The ASA makes it possible
for the namespace to act as a proxy, re-using the client’s credentials at multiple
back-end shares. Each ASA provides authentication for a single Windows domain.
You separately install an ASA at its DC, then you specify the server’s IP address (and
other parameters) at the ARX’s CLI. Refer to the Secure Agent Installation Guide for
instructions to install an ASA and then configure it at the ARX.
Once the NTLM-authentication server is configured, you can use the server with one
or more namespaces. From gbl-ns mode, use the ntlm-auth-server command to apply a
server to the namespace:
ntlm-auth-server name
where name identifies the NTLM authentication server for this namespace. Use
show ntlm-auth-server for a list of them; recall “Listing NTLM Authentication
Servers” on page 3-7.
As with Kerberos, you can only add or remove NTLM authentication while the
namespace is disabled.
For example, this command set finds the “dc1” authentication server, shows the
server configuration, then applies the authentication server to the “medarcv”
namespace:
bstnA6k(gbl)# namespace medarcv
bstnA6k(gbl-ns[medarcv])# show ntlm-auth-server
Name
---------------------------------------
dc1
bstnA6k(gbl-ns[medarcv])# show ntlm-auth-server dc1