Windows NT (MSNT) is used as an external directory service, for example, to authenticate Client-to-Site VPN users. MSNT validates user accounts and authorizes access to local or remote systems or domains for local, domain, or trusted domain log-ons. On the Barracuda NextGen Firewall F-Series, you can configure MSNT as an external authentication scheme.
Before You Begin
MSNT does not provide group information. To create groups, see How to Configure Explicit Groups.
To configure MSNT for external authentication with the Barracuda NextGen Firewall F-Series:
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left menu, select MSNT Authentication.
- Click Lock.
- Enable MSNT as an external directory service.
- In the Domain Controller Name table, add an entry for each domain controller. You can edit the following settings:
  - Domain Controller Name – Name of the primary domain controller, without the domain suffix. The name must be DNS-resolvable.
  - Domain Name – Name of the domain.
  - Domain Controller IP – IP address of the domain controller. If given, the IP address is used instead of the hostname.
- Click OK.
- If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list.
- Click Send Changes and Activate.
MSNT Authentication through the Remote Management Tunnel
To allow remote F-Series Firewalls to connect to the authentication server through the remote management tunnel, you must activate the outbound BOX-AUTH-MGMT-NAT Host Firewall rule. By default, this rule is disabled.