Administration Console Online Help

Previous Next Open TOC in new window
Content starts here

Windows NT Authenticator: Provider Specific

Configuration Options     Related Tasks     Related Topics

Use this page to define the provider specific configuration of this Window NT Authentication provider.

Note: The Windows NT Authentication provider is deprecated as of WebLogic Server 10.0. Use one or more other supported authentication providers instead.

Configuration Options

Name Description
Domain Controllers

The domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.

Possible settings:

  • Local

    --local machine only.

  • LocalAndDomain

    --the local machine and the domain that the machine is a member of (if it is not standalone).

  • Domain

    --the domain that the machine is a member.

  • List

    --Use the domain constrollers specified in the Domain Controller List setting.

MBean Attribute:
WindowsNTAuthenticatorMBean.DomainControllers

Domain Controller List

A list of the domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.Use if the Domain Controllers is set to List.

The specified list should contain the domain controller names in trusted domains. Placeholders are supported and will expand if specified. Supported placeholders are [Local],[LocalAndDomain], [Domain].

MBean Attribute:
WindowsNTAuthenticatorMBean.DomainControllerList

Bad Domain Controller Retry

Determines how the provider reacts when a bad domain controller name is found.

Possible settings:

  • Delay

    indicates the domain controller can be used again only after a certain amount of time has elapsed since it was last tried unsuccessfully.

  • Never

    indicates a bad domain controller is never retried.

  • Always

    indicates a bad domain controller is always retried.

MBean Attribute:
WindowsNTAuthenticatorMBean.BadDomainControllerRetry

Bad Domain Controller Retry Interval

This time to wait when a bad domain controller name is found before trying to use the domain controller again. Use if the BadDomainControllerRetry is set to Delay. This setting helps reduces performance hits when a domain controller in the list of controllers is temporarily unavailable

MBean Attribute:
WindowsNTAuthenticatorMBean.BadDomainControllerRetryInterval

Map UPN Names

Indicates how the Windows NT Authentication provider should map UPN-style names for authentication (meaning will username@domain be used).

Possible settings:

  • First--names which match the UPN format should be treated as a UPN name first. If the name isn't a UPN name, the name will be treated as an unscoped name.
  • Last--names which match the UPN format should be treated as a UPN name only if the name failed to be matched as an unscoped name.
  • Always--names which match the UPN format will always be treated as a UPN name.

This setting should only be used when there are no usernames with @. domain\\username is not ambiguous and is always allowed.

MBean Attribute:
WindowsNTAuthenticatorMBean.MapUPNNames

Logon Type

Specfies whether the logon process should use Network or Interactive logon.

MBean Attribute:
WindowsNTAuthenticatorMBean.LogonType

Map NT Domain Name

Specifies whether the Windows NT domain information should be placed into principal names during authentication.

Possible settings:

  • Never--the Windows NT domain name is not placed in the principal names.
  • OldUPN--the Windows NT domain name is placed in the principal names as domain\\name.
  • UPN-- the Windows NT domain name is placed in the principal names as name@domain.

MBean Attribute:
WindowsNTAuthenticatorMBean.MapNTDomainName

Related Tasks

Related Topics


Back to Top