SonicOS 8 Users
NTLM
NTLM browser authentication allows the SonicWall to automatically authenticate the user of a browser directly with no SSO agent involvement.
NTLM authentication is supported by Mozilla-based browsers and can be used as a supplement to identifying users via an SSO agent or, with some limitations, on its own without the agent. The firewall interacts directly with the browser to authenticate the user. Users logged in with domain credentials are authenticated transparently; in other cases the user may need to enter credentials to log in to the appliance, but should only need to do so once because the credentials are saved.
- Navigate to the Device > Users > Settings > Authentication page.
- Next to Configure SSO, click Configure. The SSO Configuration page is displayed.
- Under the NTLM tab, select the following:
  - Select Use NTLM to authenticate HTTP/HTTPS traffic to use NTLM authentication.
  - Select Use the domain from the LDAP configuration to use the same domain that is used in the LDAP configuration.
  - In Authentication domain, enter the full DNS name of the firewall’s domain in the form “www.somedomain.com”.
  - In Redirect the browser to this appliance via, select one of the following options to determine how a user’s browser is initially redirected to the firewall’s own Web server:
    - The interface IP address: Select this to redirect the browser to the IP address of the appliance Web server interface.
    - Its domain name from a reverse DNS lookup of the interface IP address: Enables the Show Reverse DNS Cache button at the bottom of the window; when clicked, a popup displays the appliance Web server’s Interface, IP Address, DNS Name, and TTL in seconds. Click the button to verify the domain name (DNS name) being used for redirecting the user’s browser.
    - Its configured domain name: Use the firewall's domain name as configured on the Device > Settings > Administration page.
    - The name from the administration certificate: Use the imported certificate that is selected for HTTPS Web Management on the Device > Settings > Administration page.
  - In Maximum retries to allow on authentication failure, enter the number of retries.
  - If you are using older legacy servers that require legacy LAN Manager components to be included in NTLM messages, select Forward legacy LanMan in NTLM.
  - To detect when users log out, select the polling method to be used by the appliance for Windows, Linux, and Macintosh users in the On the poll timer, for users authenticated via NTLM options. Select one of the following methods for users on each type of computer:
    - Re-authenticate via NTLM: This method is transparent to the user if the browser is configured to store the domain credentials, or the user instructed the browser to save the credentials.
    - Don’t re-authenticate: If you select this option, logout will not be detected other than via the inactivity timeout.
- Click Save.
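Before enabling Forward legacy LanMan in NTLM, it helps to know whether clients actually send a legacy LAN Manager response. The Python code below is an added example, not SonicWall code: it classifies the NTLM AUTHENTICATE message from an `Authorization: NTLM ...` header using the field layout in Microsoft's MS-NLMP specification. The function names and sample byte patterns are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
HEADER_LEN = 64  # signature, type, six field descriptors, NegotiateFlags

def _field(msg, pos):
    # Each descriptor is Len(2) MaxLen(2) Offset(4), little-endian.
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def classify_authenticate(header_value):
    """Classify the response carried in an 'NTLM <base64>' header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(token, validate=True)
    if len(msg) < HEADER_LEN or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an AUTHENTICATE (type 3) message")
    lm, nt = _field(msg, 12), _field(msg, 20)
    if len(nt) > 24:            # NTLMv2 proof plus variable-length blob
        return "NTLMv2"
    if len(nt) != 24:
        return "no NT response"
    if len(lm) == 24 and lm[8:] == bytes(16):   # client challenge + 16 zero bytes
        return "NTLMv1 with extended session security"
    if len(lm) == 24 and lm != nt:              # separate LM response present
        return "NTLMv1 with legacy LM response"
    return "NTLMv1 without LM response"         # LM field empty or a copy of NT

def build_sample(lm, nt):
    """Constructed test message: only the LM and NT fields are populated."""
    fields, offset = b"", HEADER_LEN
    for data in (lm, nt, b"", b"", b"", b""):
        fields += struct.pack("<HHI", len(data), len(data), offset)
        offset += len(data)
    msg = SIGNATURE + struct.pack("<I", 3) + fields + bytes(4) + lm + nt
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    # Constructed byte patterns, not real credentials or captured traffic.
    print(classify_authenticate(build_sample(b"\x11" * 24, b"\x22" * 24)))
    print(classify_authenticate(build_sample(b"\x33" * 8 + bytes(16), b"\x22" * 24)))
    print(classify_authenticate(build_sample(bytes(24), b"\x44" * 60)))
```

If no client in the sample produces "NTLMv1 with legacy LM response", the legacy LanMan option can stay cleared.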