Use this table when configuring an Integrated Windows Authentication scheme based on the scheme type Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.
An Active Directory can be configured to run in mixed mode or native mode. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.
This authentication scheme supports either mixed mode or native mode.
The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type |
Value Assignment and Meaning |
---|---|
Scheme type |
nType=Sm_Api_SchemeType_NTLM The scheme type Windows Authentication (NTLM). |
Description |
pszDesc=description The description of the authentication scheme. |
Protection level |
nLevel=value A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5. |
Library |
pszLib="smauthntlm" The default library for this scheme type. |
Parameter |
pszParam=param The value of pszParam determines the style of authentication to perform for this scheme: NTLM authentication (for WinNT or Active Directory running in mixed mode) Format: iis-web-server-url/path-to-ntc-file In the format, iis-web-server-url is the name of the IIS web server that is the target of the redirection, and path-to-ntc-file is the location of the .ntc file that collects the WinNT credentials. For example: http://myiiswebserver.mycompany.com/ A SiteMinder Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection. Windows Authentication (for Active Directory running in native mode) With this authentication style, pszParam has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example: cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN}, SiteMinder uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter. |
Shared secret |
pszSecret="" Set to an empty string. Not applicable to this scheme. |
Is template? |
bIsTemplate=0 Set to false (0) to indicate that the scheme is not a template. Any other value is ignored. |
Is used by administrator? |
bIsUsedbyAdmin=0 Set to false (0)-scheme is not used to authenticate administrators. |
Save credentials? |
bAllowSaveCreds=0 Set to false (0) to indicate that user credentials won't be saved. |
Is RADIUS? |
bIsRadius=0 Set to false (0)-scheme is not used with RADIUS agents. |
Ignore password check? |
bIgnorePwCheck=flag For WinNT and for Active Directory running in mixed mode, this property must be true (1)-ignore password checking. For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0. |
Copyright © 2014 CA.
All rights reserved.
|
|