User Management
1088
SonicOS 5.8.1 Administrator Guide
Step 8 To use locally configured user group settings, select the Local configuration radio button.
Step 9 In the Polling rate (minutes) field, enter a polling interval, in minutes. The security appliance
will poll the workstation running SSO Agent once every interval to verify that users are still
logged on. The default is 1.
Step 10 Configuration on the Enforcement, Terminal Services, and Test tabs is the same as for those
tabs when SonicWALL SSO Agent is selected as the Single-sign-on method. Refer to the
procedure in “Configuring Your SonicWALL Security Appliance for SonicWALL SSO Agent” on
page 1077 for detailed configuration instructions for these pages.
Step 11 When you are finished with configuration on all tabs, click OK.
Configuring RADIUS for Use With NTLM
When LDAP is selected in the Authentication method for login field, RADIUS configuration
is still required when using NTLM authentication. NTLM authentication requires MSCHAP,
which is provided by RADIUS but not by LDAP.
The Configure button next to “RADIUS may also be required for CHAP/NTLM” is enabled
when LDAP authentication is selected on the Users > Settings page.
If LDAP is configured, then it will be used for user group membership lookups after a user’s
credentials provided by NTLM have been authenticated via RADIUS. Thus, when using NTLM
it is not necessary to configure RADIUS to return user group membership information (which
can be very complex to do with some RADIUS servers, such as IAS).
Note Windows 7 and Vista machines require additional configuration to use RADIUS
authentication with browser NTLM authentication via Internet Explorer. See the
“Configuring NTLMv2 Session Security on Windows” section on page 1088.
To configure RADIUS settings, click the Configure button and follow the instructions in the
“Configuring RADIUS Authentication” section on page 1039.
Configuring NTLMv2 Session Security on Windows
In Microsoft Windows 7 and Vista, Internet Explorer uses the NTLMv2 variant of NTLM by
default. The NTLMv2 variant cannot be authenticated via RADIUS in the same way as NTLM.
To use browser NTLM authentication as the SSO method with these versions of Windows, the
Windows machines must be configured to use NTLMv2 Session Security instead of NTLMv2.
NTLMv2 Session Security is a variant that is designed to be compatible with RADIUS/
MSCHAPv2. This configuration is performed using Windows Group Policy.