NTLM Authentication
BlueSecure™ Controller Setup and Administration Guide 6-13
Displaying the New NTLM server page
1. Click the User authentication tab in the BSC administrator console.
2. Select External NTLM Authentication from the Create drop-down list on the User 
authentication page.
The New NTLM server page appears as shown in Figure 6-4.
Enable server
The Enable checkbox is marked by default to make the server available for user authentication.
Name
Enter a meaningful name for the external NTLM authentication server.
Precedence
Optional. If you are setting up multiple external NTLM authentication servers and need to establish the order in which the BSC checks the servers for user authentication, select the server's priority from the Precedence drop-down list.
Note that 1 means the server is checked first. The precedence you configure here does not apply to Transparent NTLM Windows logins, Transparent 802.1x logins, or local users in the BSC database, because these authentication schemes are always checked first.
If you set a Precedence for a server that is the same as that set for a previously configured server, the previous server's Precedence, and that of all servers having a lower configured precedence, is incremented by 1. For example, if server A already has a Precedence of 1 and server B's is 2 and you then set server C's to 1, server A's Precedence becomes 2 and server B's becomes 3.
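The renumbering rule above, modeled as an added Python example; it is not taken from the guide or from the BSC software. The names `set_precedence` and `check_order` are hypothetical, the model follows the text literally, and it assumes that re-assigning an existing server first removes its old entry.

```python
def set_precedence(servers, name, precedence):
    """Return a new {server: precedence} map after giving `name` this precedence.

    Literal model of the rule in the text: on a collision, the server already
    holding that precedence and every server with a lower precedence (a larger
    number) is incremented by 1. Without a collision nothing else moves.
    """
    if precedence < 1:
        raise ValueError("precedence starts at 1 (1 is checked first)")
    # Assumption: re-prioritising an existing server drops its old entry first.
    updated = {n: p for n, p in servers.items() if n != name}
    if precedence in updated.values():
        updated = {n: (p + 1 if p >= precedence else p) for n, p in updated.items()}
    updated[name] = precedence
    return updated


def check_order(servers):
    """Server names in the order they are checked (precedence 1 first).

    Transparent NTLM, Transparent 802.1x and local BSC users are always
    checked before any of these servers and are not part of this map.
    """
    return sorted(servers, key=servers.get)


if __name__ == "__main__":
    # Constructed sample data: the A/B/C case from the text, then a map with a gap.
    configured = {"A": 1, "B": 2}
    after = set_precedence(configured, "C", 1)
    print(after, check_order(after))      # A and B each move down by one

    gapped = {"A": 1, "B": 3}
    print(set_precedence(gapped, "C", 2))  # no collision: A and B keep 1 and 3
    print(set_precedence(gapped, "C", 1))  # collision at 1: B also moves, to 4
```

Reviewing the resulting check order after every change shows which external server sees a user's credentials first.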
NTLM Server Settings
1. Optional. Enter the Windows NT domain in which the Windows client has 
membership in the Domain Name field.
2. Enter the external NTLM authentication server’s primary domain controller hostname in the Primary Domain Controller by Host Name field. Enter the hostname only; do not enter the host’s fully qualified domain name.
3. Enter the external NTLM authentication server’s secondary domain controller hostname in the Secondary Domain Controller by Host Name field. Enter the hostname only; do not enter the host’s fully qualified domain name.
Accounting
To enable RADIUS accounting for this server, select the name of the external RADIUS accounting server from the Accounting server drop-down list.
See “RADIUS Accounting” on page 7-1 to configure a new RADIUS accounting server for 
selection in the drop-down list.
Alternatively, you can select the Create… option to open a window that enables you to 
configure a new RADIUS accounting server. After you save the server information, you 
are returned to the New RADIUS server page where you can select the RADIUS 
accounting server from the drop-down list.
Mapping NTLM attributes to roles
1. Define the rules to determine if the user is authenticated. For each rule:
a) Enter the appropriate NTLM attribute in the Attribute field.
b) Select the appropriate Logic operator (equal to, not equal to, starts with, ends 
with, contains, or [is a role]) from the drop-down list.
c) Value - Enter the appropriate value to check against the specified attribute.
d) From the drop-down list, select the Role to assign to the user if the rule evaluates as true and the user is authenticated.
See “Defining User Roles to Enforce Network Usage Policies” on page 8-2 to define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New… option to open a window that 
enables you to define a new role. After you save the role information, you are 