Configuring Stateful NT LAN Manager Authentication

The Stateful NTLM Authentication profile requires that you specify a server group, which includes the servers performing NT LAN Manager authentication and the role to be assigned to users who are successfully authenticated. For details on defining a windows server used for NT LAN Manager authentication, see Configuring a Windows Server.

When a user logs off or shuts down the client machine, the user remains in the authenticated role until the user ages out, meaning there is no user traffic for the amount of time specified in the User idle timeout setting under Configuration > Authentication > Advanced > Authentication Timers.

The following procedure describes how to configure a stateful NTLM authentication profile:

  1. In the Managed Network node hierarchy, navigate to the Configuration > Authentication page.
  2. Select Stateful NTLM Authentication from the L3 Authentication tab.
  3. Under Stateful NTLM Authentication Profile: New Profile, click the + to add a new profile entry. To modify an existing stateful NT LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Manager authentication profile, select a profile entry below Stateful NTLM Authentication in the L3 Authentication list.
  4. Enter a Profile name.
  5. From the Default Role drop-down list, select the role to be assigned to all users after completing stateful NT LAN Manager authentication.
  6. Select the Mode check box to enable stateful NT LAN Manager authentication.
  7. Specify the Timeout period for authentication requests, between 1 and 20 seconds.

    The default value is 10 seconds.

  8. Click Submit.
  9. In the L3 Authentication list, select the Server Group entry below the stateful NT LAN Manager authentication profile.
  10. Select the group of Windows servers to be used for stateful NT LAN Manager authentication from the Server Group drop-down list.
  11. To enable authentication fail through and load balancing, select the check boxes for Fail Through and Load Balance.
  12. Click Submit.
  13. Select Pending Changes.
  14. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI commands configure stateful NT LAN Manager authentication. The first set of commands defines the Windows server used for NT LAN Manager authentication, and the second set adds that server to a server group. The third set associates that server group with the stateful NT LAN Manager authentication profile, then defines the profile settings.

(host) [md] (config) #aaa authentication-server windows <windows_server_name>

clone <source>

domain <domain>

enable

host <host>

(host) [md] (config) #aaa server-group <sg_name>

allow-fail-through

auth-server <name> [match-authstring {contains <sub_string>|equals <sub_string>|starts-with <sub_string>][match-fqdn {all|<fqdn>}][position <prio>][trim-fqdn]

clone <source>

load-balance

set {role|vlan} condition <attribute> [contains <operand>|ends-with <operand>|equals <operand>|not-equals <operand>|starts-with <operand>][value-of][set-value <set-value-str>][position <number>]

(host) [md] (config) #aaa authentication stateful-ntlm <profile-name>

clone <source>

default-role <default-role>

enable

server-group <server-group>

timeout <timeout>

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands display the servers and profiles configured for stateful NT LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Manager authentication:

(host) [md] #show aaa authentication-server window

(host) [md] #show aaa server-group

(host) [md] #show aaa authentication stateful-ntlm