Windows NT Authenticator: Provider Specific
Configuration Options Related Tasks Related Topics
Use this page to define the provider specific configuration of this Window NT Authentication provider.
Note: The Windows NT Authentication provider is deprecated as of WebLogic Server 10.0. Use one or more other supported authentication providers instead.
Name Description Domain Controllers
The domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.
--local machine only.
--the local machine and the domain in which the machine is a member (if it is not standalone).
--the domain in which the machine is a member.
--Use the domain controllers specified in the Domain Controller List setting.
Domain Controller List
A list of the domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names. Use if the Domain Controllers is set to List.
The specified list should contain the domain controller names in trusted domains. Placeholders are supported and will expand if specified. Supported placeholders are [Local],[LocalAndDomain], [Domain].
Bad Domain Controller Retry
Determines how the provider reacts when a bad domain controller name is found.
indicates the domain controller can be used again only after a certain amount of time has elapsed since it was last tried unsuccessfully.
indicates a bad domain controller is never retried.
indicates a bad domain controller is always retried.
Bad Domain Controller Retry Interval
This time to wait when a bad domain controller name is found before trying to use the domain controller again. Use if the BadDomainControllerRetry is set to Delay. This setting helps reduce performance hits when a domain controller in the list of controllers is temporarily unavailable.
Map UPN Names
Indicates how the Windows NT Authentication provider should map UPN-style names for authentication (that is, whether
- First--names that match the UPN format should be treated as a UPN name first. If the name isn't a UPN name, the name will be treated as an unscoped name.
- Last--names that match the UPN format should be treated as a UPN name only if the name failed to be matched as an unscoped name.
- Always--names that match the UPN format will always be treated as a UPN name.
This setting should only be used when there are no usernames with @. domain\\username is not ambiguous and is always allowed.
Specifies whether the logon process should use Network or Interactive logon.
Map NT Domain Name
Specifies whether the Windows NT domain information should be placed into principal names during authentication.
- Never--the Windows NT domain name is not placed in the principal names.
- OldUPN--the Windows NT domain name is placed in the principal names as domain\\name.
- UPN-- the Windows NT domain name is placed in the principal names as name@domain.