You are here: Home > CLI Commands > Just_CLI_Topics > aaa authentication stateful-ntlm

aaa authentication stateful-ntlm

aaa authentication stateful-ntlm <profile-name>

clone

default-role <role>

enable

no

server-group <server-group>

timeout <timeout>

Description

This command configures stateful NTLM authentication.

Syntax

Parameter

Description

Range

Default

clone

Create a copy of an existing stateful NTLM profile

default-role

Select an existing role to assign to authenticated users.

guest

enable

Enables stateful ntlm authentication profile for clients. Use no enable to disable stateful ntlm authentication.

enabled

no

Negates any configured parameter.

server-group <server-group>

Name of a server group.

default

timeout <timeout>

Amount of time, in seconds, before the request times out.

1-20 seconds

10 seconds

Usage Guidelines

NTLM is a suite of Microsoft authentication and session security protocols. You can use a stateful NTLM authentication profile to configure a managed device to monitor the NTLM authentication messages between clients and an authentication server. The managed device can then use the information in the SMBServer Message Block or Small and Medium Business. Server Message Block operates as an application-layer network protocol mainly used for providing shared access to files, printers, serial ports, and for miscellaneous communications between the nodes on a network. headers to determine the username and IP address of the client, the server IP address and the current authentication status client. If the client successfully authenticates via an NTLM authentication server, the managed device can recognize that the client has been authenticated and assign that client a specified user role. When the user logs off or shuts down the client machine, the user will remain in the authenticated role until the user’s authentication is aged out.

The stateful NTLM Authentication profile requires that you specify a server group which includes the servers performing NTLM authentication, and a default role to be assigned to authenticated users. For details on defining a windows server used for NTLM authentication, see aaa authentication-server windows.

Example

The following example configures a stateful NTLM authentication profile that authenticates clients via the server group “Windows1.” Users who are successfully authenticated are assigned the “guest2” role.

(host) ^[md] (config) #aaa authentication stateful-ntlm ntlm1

(host) ^[md] (Stateful NTLM Authentication Profile "ntlm1") #default-role guest2

(host) ^[md] (Stateful NTLM Authentication Profile "ntlm1") #server-group Windows1

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/