Справочник Пользователя для SonicWALL 5.8.1
User Management
1088
SonicOS 5.8.1 Administrator Guide
Step 8
To use locally configured user group settings, select the Local configuration radio button.
Step 9
In the Polling rate (minutes) field, enter a polling interval, in minutes. The security appliance
will poll the workstation running SSO Agent once every interval to verify that users are still
logged on. The default is 1.
will poll the workstation running SSO Agent once every interval to verify that users are still
logged on. The default is 1.
Step 10
Configuration on the Enforcement, Terminal Services, and Test tabs is the same as for those
tabs when SonicWALL SSO Agent is selected as the Single-sign-on method. Refer to the
procedure in
tabs when SonicWALL SSO Agent is selected as the Single-sign-on method. Refer to the
procedure in
for detailed configuration instructions for these pages.
Step 11
When you are finished with configuration on all tabs, click OK.
Configuring RADIUS for Use With NTLM
When LDAP is selected in the Authentication method for login field, RADIUS configuration
is still required when using NTLM authentication. NTLM authentication requires MSCHAP,
which is provided by RADIUS but not by LDAP.
is still required when using NTLM authentication. NTLM authentication requires MSCHAP,
which is provided by RADIUS but not by LDAP.
The Configure button next to RADIUS may also be required for CHAP/NTLM is enabled
when LDAP authentication is selected on the Users > Settings page.
when LDAP authentication is selected on the Users > Settings page.
If LDAP is configured, then it will be used for user group membership lookups after a user’s
credentials provided by NTLM have been authenticated via RADIUS. Thus, when using NTLM
it is not necessary to configure RADIUS to return user group membership information (which
can be very complex to do with some RADIUS servers, such as IAS).
credentials provided by NTLM have been authenticated via RADIUS. Thus, when using NTLM
it is not necessary to configure RADIUS to return user group membership information (which
can be very complex to do with some RADIUS servers, such as IAS).
Note
Windows 7 and Vista machines require additional configuration to use RADIUS
authentication with browser NTLM authentication via Internet Explorer. See the
authentication with browser NTLM authentication via Internet Explorer. See the
.
To configure RADIUS settings, click the Configure button and follow the instructions in the
.
Configuring NTLMv2 Session Security on Windows
In Microsoft Windows 7 and Vista, Internet Explorer uses the NTLMv2 variant of NTLM by
default. The NTLMv2 variant cannot be authenticated via RADIUS in the same way as NTLM.
To use browser NTLM authentication as the SSO method with these versions of Windows, the
Windows machines must be configured to use NTLMv2 Session Security instead of NTLMv2.
NTLMv2 Session Security is a variant that is designed to be compatible with RADIUS/
MSCHAPv2. This configuration is performed using Windows Group Policy.
default. The NTLMv2 variant cannot be authenticated via RADIUS in the same way as NTLM.
To use browser NTLM authentication as the SSO method with these versions of Windows, the
Windows machines must be configured to use NTLMv2 Session Security instead of NTLMv2.
NTLMv2 Session Security is a variant that is designed to be compatible with RADIUS/
MSCHAPv2. This configuration is performed using Windows Group Policy.