User's Manual
288 | Stateful and WISPr Authentication Dell Networking W-Series ArubaOS 6.4.x| User Guide
To create and define settings for a Stateful NTLM Authentication profile, select an existing profile, then click
Save As in the right window pane. Enter a name for the new profile in the entry field at the top of the right
window pane.
4. Click the Default Role drop-down list, and select the role to be assigned to all users after they complete
stateful NTLM authentication.
5. Specify the timeout period for authentication requests, from 1 to 20 seconds. The default value is 10
seconds.
6. Select the Mode checkbox to enable stateful NTLM authentication.
7. Click Apply.
8. In the Profiles list, select the Server Group entry below the Stateful NTLM Authentication profile.
9. Click the Server Group drop-down list and select the group of Windows servers you want to use for
stateful NTLM authentication.
10. Click Apply.
In the CLI
Use the commands below to configure stateful NTLM authentication via the command-line interface. The first
set of commands defines the Windows server used for NTLM authentication; the second set adds that server
to a server group. The third set associates that server group with the stateful NTLM authentication profile, then
defines the profile settings.
(host)(config)# aaa authentication-server windows <windows_server_name>
   host <ipaddr>
   enable
!
(host)(config)# aaa server-group group <server-group>
   auth-server <windows_server_name>
!
(host)(config)# aaa authentication stateful-ntlm
   default-role <role>
   enable
   server-group <server-group>
   timeout <seconds>
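The three command sets above depend on each other, so a typo in a server or group name leaves the profile pointing at nothing. The following Python check is an added example, not part of the guide or of ArubaOS: it reads the commands in the layout shown above (CLI prompt removed) and reports a profile that is not enabled, a timeout outside 1 to 20 seconds, and server-group or auth-server references that are undefined or not enabled. The names dc1, dc2, ntlm-servers and employee and the address are constructed placeholders.

```python
SAMPLE = """\
aaa authentication-server windows dc1
host 192.0.2.10
!
aaa server-group group ntlm-servers
auth-server dc1
auth-server dc2
!
aaa authentication stateful-ntlm
default-role employee
server-group ntlm-servers
timeout 30
"""  # constructed sample; names and address are placeholders, not from the guide

def parse_blocks(text):
    """Map each top-level 'aaa ...' command to the sub-commands that follow it."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("aaa "):
            current = blocks.setdefault(line, [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def audit(text):
    """Return findings for the three stateful NTLM command sets."""
    blocks = parse_blocks(text)
    def named(prefix):  # object name is the last token of the top-level command
        return {k.split()[-1]: v for k, v in blocks.items() if k.startswith(prefix)}
    servers, groups = named("aaa authentication-server windows "), named("aaa server-group ")
    profile = next(iter(named("aaa authentication stateful-ntlm").values()), None)
    if profile is None:
        return ["no stateful-ntlm profile"]
    opts = {l.split()[0]: l.split()[1:] for l in profile}
    timeout = int((opts.get("timeout") or ["10"])[0])  # guide: default is 10 seconds
    group = (opts.get("server-group") or [None])[0]
    checks = [("enable" not in opts, "profile not enabled"),
              (not opts.get("default-role"), "no default-role"),
              (not 1 <= timeout <= 20, f"timeout {timeout} outside 1-20"),
              (group not in groups, f"server-group {group} undefined")]
    findings = [msg for failed, msg in checks if failed]
    for name in (l.split()[-1] for l in groups.get(group, [])):
        if name not in servers:
            findings.append(f"auth-server {name} undefined")
        elif "enable" not in servers[name]:
            findings.append(f"auth-server {name} not enabled")
    return findings
```

Calling audit(SAMPLE) returns four findings for the constructed sample; a configuration that follows the three command sets exactly returns an empty list.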
Configuring Stateful Kerberos Authentication
The Stateful Kerberos Authentication profile requires that you specify a server group which includes the
Kerberos servers and the role to be assigned to users who are successfully authenticated. For details on
defining a Windows server used for Kerberos authentication, see Configuring a Windows Server on page 235.
When the user logs off or shuts down the client machine, the user remains in the authenticated role until the
user ages out, that is, until the user has sent no traffic for the amount of time specified in the User Idle Timeout
setting in the Configuration > Security > Authentication > Advanced page.
In the WebUI
To create and configure a new instance of a stateful Kerberos authentication profile via the WebUI:
1. Navigate to the Configuration > Security > Authentication > L3 Authentication page.
2. In the Profiles list, expand the Stateful Kerberos Authentication Profile.
3. To define settings for an existing profile, click that profile name in the Profiles list.