User Management
1021
SonicOS 5.8.1 Administrator Guide
• Select Browser NTLM authentication only if you want to authenticate Web users without
using the SonicWALL SSO Agent or TSA. Users are identified as soon as they send HTTP
traffic. NTLM requires RADIUS to be configured (in addition to LDAP, if using LDAP), for
access to MSCHAP authentication. If LDAP is selected above, a separate Configure
button for RADIUS appears here when NTLM is selected.
• Select None if not using SSO.
For detailed SSO configuration instructions,
see “Configuring Single Sign-On” on
page 1060.
For Browser NTLM authentication configuration,
see “Configuring Your SonicWALL
Appliance for Browser NTLM Authentication” se
ction on page 1087.
In the Show user authentication page for field, enter the number of minutes that a user has
to log in before the login page times out. If it times out, a message displays saying they must
click before attempting to log in again.
Select Case-sensitive user names to enable matching based on capitalization of user account
names.
Select Enforce login uniqueness to prevent the same user name from being used to log into
the network from more than one location at a time. This setting applies to both local users and
RADIUS/LDAP users. However the login uniqueness setting does not apply to the default
administrator with the username admin.
Select Redirect users from HTTPS to HTTP on completion of login if you want users to be
connected to the network through your SonicWALL appliance via HTTP after logging in via
HTTPS. If you have a large number of users logging in via HTTPS, you may want to redirect
them to HTTP, because HTTPS consumes more system resources than HTTP. If you deselect
this option, you will see a warning dialog.
Select Allow HTTP login with RADIUS CHAP mode to have a CHAP challenge be issued
when a RADIUS user attempts to log in using HTTP. This allows for a secure connection without
using HTTPS, preventing the browser from sending the password in clear text over HTTP. Be
sure to check that the RADIUS server supports this option.
Note Administrators who log in using this method will be restricted in the management operations
they can perform (because some operations require the appliance to know the
administrator's password, which is not the case for this authentication method).
Select either Plain text or HTML for One-time password Email format, depending on your
preference if you are using One-Time Password authentication.
User Session Settings
The settings listed below apply to all users when authenticated through the SonicWALL.
• Inactivity timeout (minutes): users can be logged out of the SonicWALL after a
preconfigured inactivity time. Enter the number of minutes in this field. The default value is
5 minutes.