Sun Java System Access Manager 7.1 Administration Reference

Windows NT

The Windows NT Authentication module allows for authentication against a Microsoft Windows NT server. The attributes are realm attributes. The values applied to them under Service Configuration become the default values for the Windows NT Authentication template. The service template needs to be created after registering the service for the realm. The default values can be changed after registration by the realm's administrator. realm attributes are not inherited by entries in the subtrees of the realm.

In order to activate the Widows NT Authentication module, Samba Client 2.2.2 must be downloaded and installed to the following directory:


The Samba Client is a file and print server for blending Windows and UNIX machines without requiring a separate Windows NT/2000 Server.

Red Hat Linux ships with a Samba client, located in the/usr/bin directory.

In order to authenticate using the Windows NT Authentication service for Linux, copy the client binary toAccessManager-base /identity/bin.

The Windows NT attributes are:

Authentication Domain

Defines the Domain name to which the user belongs.

Authentication Host

Defines the Windows NT authentication hostname. The hostname should be the netBIOS name, as opposed to the fully qualified domain name (FQDN). By default, the first part of the FQDN is the netBIOS name.

If the DHCP (Dynamic Host Configuration Protocol) is used, you would put a suitable entry in the HOSTS file on the Windows 2000 machine.

Name resolution will be performed based on the netBIOS name. If you do not have any server on your subnet supplying netBIOS name resolution, the mappings should be hardcoded. For example, the hostname should be example1 not

Samba Configuration File Name

Defines the Samba configuration filename and supports the -s option in the smbclient command. The value must be the full directory path where the Samba configuration file is located. For example: /etc/opt/SUNWam/config/smb.conf

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication mechanism. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.

Note –

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.