|
| |
| Sun Java System Access Manager 6 2005Q1 Administration Guide | |
Chapter 27
NT Authentication AttributesThe NT Authentication Attributes are organization attributes. The values applied to them under Service Configuration become the default values for the NT Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the organization’s administrator. Organization attributes are not inherited by entries in the subtrees of the organization.
In order to activate the NT Authentication module, Samba Client 2.2.2 must be downloaded and installed to the following directory:
AcessManager-base/SUNWam/bin
Samba Client is a file and print server for blending Windows and UNIX machines together without requiring a separate Windows NT/2000 Server. More information, and the download itself, can be accessed at http://wwws.sun.com/software/download/products/3e3af224.html.
Red Hat Linux ships with a Samba client, located in the following directory:
/usr/bin
In order to authenticate using the NT Authentication service for Linux, copy the client binary to the following Access Manager directory:
AccessManager-base/identity/bin
The NT Authentication attributes are:
NT Authentication Domain
This attribute defines the Domain name to which the user belongs.
NT Authentication Host
This attribute defines the NT authentication hostname. The hostname should be the netBIOS name, as opposed to the fully qualified domain name (FQDN). By default, the first part of the FQDN is the netBIOS name.
If the DHCP (Dynamic Host Configuration Protocol) is used, you would put a suitable entry in the HOSTS file on the Windows 2000 machine.
Name resolution will be performed based on the netBIOS name. If you do not have any server on your subnet supplying netBIOS name resolution, the mappings should be hardcoded.
For example, the hostname should be example1 not example1.company1.com.
NT Samba Configuration File Name
This attribute defines the Samba configuration filename and supports the -s option in the smbclient command. The value must be the full directory path where the Samba configuration file is located. For example:
/etc/opt/SUNWam/config/smb.conf
Authentication Level
The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.
Note
If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Auth Level. See “Default Authentication Level” on page 306 for details. .