6.4 Third-Party Domain Authentication

For third-party domain authentication, the clients are members of a third-party domain such as Windows. A Windows domain controller performs the user authentication. The user name and password on the domain controller must match the user name and password used to log in to the Windows workstation.

Ensure that you understand and meet the following prerequisites before setting up third-party authentication:

6.4.1 Prerequisites

Prerequisites for the Windows Primary Domain Controller

  • Ensure that the Primary Domain Controller (PDC) is up and reachable by using the NETBIOS name of the PDC from the CIFS server. For example, WINPDC_W.

  • Disable the autodisconnect feature in the PDC to avoid resetting connection from the PDC to the CIFS server. You can do this by configuring the timeout value (in minutes) for idle sessions through the autodisconnect parameter. The valid value range is -1 to 65535. Setting the timeout period value to -1 completely disables the auto-disconnect of the idle sessions feature. For more information about how to configure the timeout period (autodisconnect parameter), see “How Autodisconnect Works in Windows NT and Windows 2000”.

  • Disable SMB signing by following the instructions in “Overview of Server Message Block Signing”

  • The desktop user or the user that has joined the domain must be the same as the CIFS user.

  • For Windows 2008 Server and later versions, apply the changes as indicated in the Microsoft Knowledge Base article.

NOTE:To access the CIFS shares when you are using third-party authentication, the Windows client might be required to log in as the same user with the same password.

Prerequisites for the CIFS Server

6.4.2 Using iManager to Enable Third-Party Authentication

  1. In a Web browser, specify the following in the address (URL) field:

    http://server_IP_address/nps/iManager.html
    

    For example:

    http://192.168.0.1/nps/iManager.html
    
  2. At the login prompt, specify the server administrator user name, password, tree name, or IP address of the tree, then click Login.

    For more information on iManager administration, see the NetIQ® iManager Administration Guide.

  3. In the iManager application left frame, click File Protocols > CIFS.

    The default CIFS parameters page is displayed. Use this page to configure and manage CIFS.

  4. Select the CIFS server you want to manage.

  5. Select General > Authentication.

  6. Select Third party Domain as the mode of authentication.

  7. Specify the Work Group/Domain Name of the Windows environment.

  8. Specify the LMCompatibility level. For details, see Table 6-2, CIFS Authentication Page Parameters.

  9. Specify the name of the Primary Domain Controller. Ensure that the name does not exceed 15 characters.

  10. Specify the IP address of the Primary Domain Controller.

  11. Click OK to save the changes in the CIFS properties.