Users Guide
224 | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
2. In the Profiles list, expand the Stateful NTLM Authentication Profile.
3. To define settings for an
existing
profile, click that profile name in the profiles list.
To create and define settings for a
new
Stateful NTLM Authentication profile, select an existing profile, then
click the Save As button in the right window pane. Enter a name for the new profile in the entry field. at the top
of the right window pane.
4. Click the Default Role drop-down list, and select the role to be assigned to all users after they complete stateful
NTLM authentication.
5. Specify the timeout period for authentication requests, from 1-20 seconds. The default value is 10 seconds.
6. Select the Mode checkbox to enable stateful NTLM authentication.
7. Click Apply.
8. In the Profiles list, select the Server Group entry below the Stateful NTLM Authentication profile.
9. Click the Server Group drop-down list and select the group of Windows servers you want to use for stateful
NTLM authentication.
10. Click Apply.
In the CLI
Use the following commands to configure stateful NTLM authentication via the command-line interface. The first
set of commands defines the Windows server used for NTLM authentication, the second set adds that server to a
server group, and the third set of commands associates that server group with the stateful NTLM authentication
profile then defines the profile settings.
(host)(config)# aaa authentication-server windows <windows_server_name>
host <ipaddr>
enable
!
(host)(config)# aaa server-group group <server-group>
auth-server <windows_server_name>
!
(host)(config)# aaa authentication stateful-ntlm
default-role <role>
enable
server-group <server-group>
timeout <seconds>
Configuring Stateful Kerberos Authentication
The Stateful Kerberos Authentication profile requires that you specify a server group which includes the Kerberos
servers and the role to be assigned to users who are successfully authenticated. For details on defining a windows
server used for Kerberos authentication, see "Configuring a Windows Server" on page 174.
When the user logs off or shuts down the client machine, the user remains in the authenticated role until the user
ages out, that is, until the user has sent no traffic for the amount of time specified in the User Idle Timeout setting
in the Configuration > Security > Authentication > Advanced page.
In the WebUI
To create and configure a new instance of a stateful Kerberos authentication profile via the WebUI:
1. Navigate to the Configuration > Security > Authentication > L3 Authenticationpage.