Windows Authentication Template

Use this table when configuring an Integrated Windows Authentication scheme based on the schemetype Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.
casso1283
Use this table when configuring an Integrated Windows Authentication scheme based on the schemetype Windows Authentication (previously known as NTLM). This scheme type is used to authenticate against WinNT or Active Directory user stores.
An Active Directory can be configured to run in
mixed mode
or
native mode
. An Active Directory supports WinNT style authentication when running in mixed mode. In native mode, an Active Directory supports only LDAP style lookups.
This authentication scheme supports either mixed mode or native mode.
The structure fields referenced in the table are in Sm_PolicyApi_Scheme_t.
Information Type
Value Assignment and Meaning
Scheme type
nType
=Sm_Api_SchemeType_NTLM
The scheme type Windows Authentication (NTLM).
Description
pszDesc
=
description
The description of the authentication scheme.
Protection level
nLevel
=
value
A value of 1 through 1000. The higher the number, the greater degree of protection provided by the scheme. Default is 5.
Library
pszLib
="smauthntlm"
The default library for this scheme type.
Parameter
pszParam
=
param
The value of
pszParam
determines the style of authentication to perform for this scheme:
NTLM authentication
(for WinNT or Active Directory running in mixed mode)
Format:
iis-web-server-url
/
path-to-ntc-file
In the format,
iis-web-server-url
is the name of the IIS web server that is the target of the redirection, and
path-to-ntc-file
is the location of the .ntc file that collects the WinNT credentials.
For example:
http://myiiswebserver.mycompany.com/siteminderagent/ntlm/creds.ntc
A
SiteMinder
Web Agent must be installed on the specified server. By default, the Web Agent installation creates a virtual directory for NTLM credential collection.
Windows Authentication
(for Active Directory running in native mode)
With this authentication style,
pszParam
has an LDAP filter added to the beginning of the redirection URL. The filter and URL are separated by a semi-colon (;). For example:
cn=%{UID},ou=Users,ou=USA,dc=%{DOMAIN},dc=mycompany,dc=com;http://myiiswebserver.mycompany.com/siteminderagent/ntlm/creds.ntc
SiteMinder
uses the LDAP filter to map credentials received from the browser/Web Agent to an LDAP DN or search filter.
Shared secret
pszSecret
=""
Set to an empty string. Not applicable to this scheme.
Is template?
bIsTemplate
=0
Set to false (0) to indicate that the scheme is not a template. Any other value is ignored.
Is used by administrator?
bIsUsedbyAdmin
=0
Set to false (0)-scheme is not used to authenticate administrators.
Save credentials?
bAllowSaveCreds
=0
Set to false (0) to indicate that user credentials won't be saved.
Is RADIUS?
bIsRadius
=0
Set to false (0)-scheme is not used with RADIUS agents.
Ignore password check?
bIgnorePwCheck
=
flag
For WinNT and for Active Directory running in mixed mode, this property must be true (1)-ignore password checking.
For Active Directory running in native mode, set to true (1) to ignore password checking, or false (0) to check passwords. Default is 0.