Sun Java System Federation Manager 7.0 User's Guide

Windows NT

The Windows NT Authentication module allows for authentication against a Microsoft Windows NT server. The values applied to them under Service Configuration become the default values for the Windows NT Authentication template. The service template needs to be created after registering the service for the organization. The default values can be changed after registration by the administrator.

Note –

In order to activate the Windows NT Authentication module, Samba Client 2.2.2 must be downloaded and installed to the following directory:


The Samba Client is a file and print server for blending Windows and UNIX machines without requiring a separate Windows NT/2000 Server. Red Hat Linux ships with a Samba client, located in the/usr/bin directory. In order to authenticate using the Windows NT Authentication service for Linux, copy the client binary toFederationManager-base/identity/bin.

The Windows NT attributes are:

Authentication Domain

Defines the name of the domain to which the user belongs.

Authentication Host

Defines the name of the Windows NT authentication host. Name resolution will be performed based on the netBIOS name as opposed to the fully qualified domain name (FQDN). If you do not have a server on your subnet supplying netBIOS name resolution, the mappings should be hardcoded. By default, the first part of the FQDN is the netBIOS name. For example, the host name should be example1 not

Note –

If the DHCP (Dynamic Host Configuration Protocol) is used, put a suitable entry in the HOSTS file on the Windows 2000 machine.

Samba Configuration File Name

Defines the Samba configuration filename and supports the -s option in the smbclient command. The value must be the full directory path where the Samba configuration file is located. For example, /etc/opt/SUNWam/config/smb.conf.

Authentication Level

The authentication level is set separately for each method of authentication. The value indicates how much to trust an authentication mechanism. Once a user has authenticated, this value is stored in the SSO token for the session. When the SSO token is presented to an application the user wants to access, the application uses the stored value to determine whether the level is sufficient to grant the user access. If the authentication level stored in an SSO token does not meet the minimum value required, the application can prompt the user to authenticate again through a service with a higher authentication level. The default value is 0.

Note –

If no authentication level is specified, the SSO token stores the value specified in the Core Authentication attribute Default Authentication Level.