User Management
1084
SonicOS 5.8.1 Administrator Guide
Step 35 Select one of the following choices from the Use NTLM to authenticate HTTP traffic pulldown
list:
• Never – Never use NTLM authentication.
• Before attempting SSO via the agent – Try to authenticate users with NTLM before using
the SonicWALL SSO agent.
• Only if SSO via the agent fails – Try to authenticate users via the SSO agent first; if that
fails, try using NTLM.
Step 36 For Authentication domain, do one of the following:
• Enter the full DNS name of the SonicWALL appliance’s domain in the form
“www.somedomain.com”
• Select the Use the domain from the LDAP configuration checkbox to use the same
domain that is used in the LDAP configuration.
Fully transparent authentication can only occur if the browser sees the appliance domain as the local domain (the browser's local intranet zone); otherwise the browser prompts the user for credentials instead of supplying the domain logon silently.
Step 37 For Redirect the browser to this appliance via, select one of the following options to
determine how a user’s browser is initially redirected to the SonicWALL appliance’s own Web
server:
• The interface IP address – Select this to redirect the browser to the IP address of the
appliance Web server interface.
• Its domain name from a reverse DNS lookup of the interface IP address – Enables the
Show Reverse DNS Cache button at the bottom of the window; when clicked, a popup
displays the appliance Web server’s Interface, IP Address, DNS Name, and TTL in
seconds. Click the button to verify the domain name (DNS name) being used for redirecting
the user’s browser.
• Its domain name – Type in the Web server domain name to which the user’s browser
should be redirected.
Step 38 Enter the number of retries to allow in the Maximum retries to allow on authentication failure field.
Step 39 To detect when users log out, select the polling method to be used by the appliance for
Windows, Linux, and Macintosh users under the On the poll timer, for users authenticated via
NTLM options. Select the radio button for one of the following methods for users on each
type of computer:
• Poll via the SSO agent – If you are using an SSO Agent in your network, select this to use
it to poll users; for users authenticated via NTLM, the user name that the agent learns must
match the name used for the NTLM authentication, or the login session will be terminated.
You may want to select a different polling method for Linux or Mac users, as those systems
do not support the Windows networking requests used by the SSO agent.
• Re-authenticate via NTLM – This method is transparent to the user if the browser is
configured to store the domain credentials, or the user instructed the browser to save the
credentials.
• Don’t re-authenticate – If you select this option, logout will not be detected other than via
the inactivity timeout.
Step 40 If you are using older legacy servers that require legacy LAN Manager components to be
included in NTLM messages, select the Forward legacy LanMan in NTLM checkbox. Leave it cleared
otherwise: it may cause authentication to fail with newer Windows servers, which by default do not
accept LanMan in NTLM because the LAN Manager response is cryptographically weak and easily cracked.
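The caveat in Step 40 is easiest to verify on the wire: the LAN Manager response travels in the LmChallengeResponse field of the client's NTLM Type 3 (AUTHENTICATE) message, which the browser sends base64-encoded in its Authorization: NTLM header after the appliance challenges it. The following Python script is an added example and is not code from the SonicOS guide or from SonicWALL. It builds Type 3 messages using the MS-NLMP layout, parses them, and reports whether a legacy LM response is present; the sample messages, the CORP/alice/WS1 names and the response bytes are constructed, and the LMv1 versus LMv2 distinction is a heuristic based on the NT response length (exactly 24 bytes for NTLMv1).

```python
"""Inspect the LM/NT response fields of an NTLM AUTHENTICATE (Type 3) message.

Added example, not code from the SonicOS guide. Uses the NTLMSSP message
layout from MS-NLMP; all sample messages are constructed here, not captured.
"""
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3
NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE: strings are UTF-16LE
# Fixed part of a Type 3 message without the optional Version/MIC fields:
# signature(8) + type(4) + six (len, maxlen, offset) descriptors (6*8) + flags(4)
HEADER_LEN = 64


def build_authenticate(lm_response, nt_response, domain, user, workstation,
                       flags=NEGOTIATE_UNICODE):
    """Build a minimal Type 3 message around the given response blobs (test data)."""
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    items = [lm_response, nt_response, domain.encode(enc), user.encode(enc),
             workstation.encode(enc), b""]  # last item: encrypted session key (none)
    descriptors, payload, offset = b"", b"", HEADER_LEN
    for item in items:
        descriptors += struct.pack("<HHI", len(item), len(item), offset)
        payload += item
        offset += len(item)
    return (NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE) + descriptors
            + struct.pack("<I", flags) + payload)


def parse_authenticate(blob):
    """Return the LM/NT responses, identity strings and flags of a Type 3 message."""
    if len(blob) < HEADER_LEN or blob[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type != AUTHENTICATE:
        raise ValueError("expected AUTHENTICATE (type 3), got type %d" % msg_type)
    fields = []
    for i in range(6):
        length, _maxlen, offset = struct.unpack_from("<HHI", blob, 12 + 8 * i)
        if offset + length > len(blob):  # reject descriptors pointing past the message
            raise ValueError("field %d points outside the message" % i)
        fields.append(blob[offset:offset + length])
    (flags,) = struct.unpack_from("<I", blob, 60)
    enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "ascii"
    lm, nt, domain, user, workstation, _session_key = fields
    return {"lm_response": lm, "nt_response": nt, "domain": domain.decode(enc),
            "user": user.decode(enc), "workstation": workstation.decode(enc),
            "flags": flags}


def classify_lm(info):
    """Heuristic: an all-zero or empty LM field means no LanMan material is sent;
    a 24-byte NT response marks NTLMv1 (so the LM field is a weak LMv1 response),
    a longer NT response marks NTLMv2 (so the LM field is an LMv2 response)."""
    lm, nt = info["lm_response"], info["nt_response"]
    if len(lm) == 0 or lm == b"\x00" * len(lm):
        return "no LM response"
    if len(nt) == 24:
        return "LMv1 response (NTLMv1 session)"
    return "LMv2 response (NTLMv2 session)"


def encode_authorization_header(msg):
    """Wrap a raw Type 3 message the way a browser sends it."""
    return "NTLM " + base64.b64encode(msg).decode("ascii")


def inspect_authorization_header(value):
    """Decode an 'Authorization: NTLM <base64>' value and classify its LM field."""
    scheme, _, token = value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    info = parse_authenticate(base64.b64decode(token))
    return info["domain"], info["user"], classify_lm(info)


# Constructed samples: a legacy NTLMv1 client and a modern NTLMv2 client.
LEGACY = build_authenticate(b"\x11" * 24, b"\x22" * 24, "CORP", "alice", "WS1")
MODERN = build_authenticate(b"\x00" * 24, b"\x33" * 40, "CORP", "alice", "WS1")

if __name__ == "__main__":
    for label, msg in (("legacy", LEGACY), ("modern", MODERN)):
        print(label, inspect_authorization_header(encode_authorization_header(msg)))
```

Feed `inspect_authorization_header` the Authorization header value from a capture of a client talking to the appliance: if it reports an LMv1 response, the client is the one still using LAN Manager, and fixing its LmCompatibilityLevel is preferable to enabling the forwarding option.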