Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

361

362

363

364

365

366

367

368

369

370

361 | Stateful and WISPr Authentication Dell Networking W-Series ArubaOS 6.4.x| User Guide

To create and define settings for a Stateful NTLM Authentication profile, select an existing profile, then click

Save As in the right window pane. Enter a name for the new profile in the entry field at the top of the right

window pane.

4. Click the Default Role drop-down list, and select the role to be assigned to all users after they complete

stateful NTLM authentication.

5. Specify the timeout period for authentication requests, between 1 and 20 seconds. The default value is 10

seconds.

6. Select the Mode checkbox to enable stateful NTLM authentication.

7. Click Apply.

8. In the Profiles list, select the Server Group entry below the Stateful NTLM Authentication profile.

9. Click the Server Group drop-down list and select the group of Windows servers you want to use for

stateful NTLM authentication.

10.Click Apply.

In the CLI

Use the commands below to configure stateful NTLM authentication via the command-line interface. The first

set of commands defines the Windows server used for NTLM authentication, and the second set adds that

server to a server group. The third set associates that server group with the stateful NTLM authentication

profile, then defines the profile settings.

(host)(config)# aaa authentication-server windows <windows_server_name>

host <ipaddr>

enable

(host)(config)# aaa server-group group <server-group>

auth-server <windows_server_name>

(host)(config)# aaa authentication stateful-ntlm

default-role <role>

enable

server-group <server-group>

timeout <seconds>

Configuring Stateful Kerberos Authentication

The Stateful Kerberos Authentication profile requires that you specify a server group, which includes the

Kerberos servers and the role assigned to authenticated users. For details on defining a windows server used

for Kerberos authentication, see Configuring a Windows Server on page 263.

When the user logs off or shuts down the client machine, the user remains in the authenticated role until the

user ages out, meaning there is no user traffic for the amount of time specified in the User Idle Timeout setting

in the Configuration > Security > Authentication > Advanced page.

In the WebUI

To create and configure a new stateful Kerberos authentication profile via the WebUI:

1. Navigate to the Configuration > Security > Authentication > L3 Authentication page.

2. In the Profiles list, expand the Stateful Kerberos Authentication Profile.

3. To define settings for an existing profile, click the profile name in the Profiles list.