Windows NT (MSNT) can be used as an external directory service, e.g., to authenticate Client-to-Site VPN users. MSNT validates user accounts and authorizes access to local or remote systems or domains for logons of type local, domain, or trusted domain. On the Barracuda NextGen Firewall F-Series, you can configure MSNT as an external authentication scheme.
Before you Begin
MSNT does not provide group information. To create groups, see How to Configure Explicit Groups.
To configure MSNT for external authentication with the Barracuda NextGen Firewall F-Series:
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left menu, select MSNT Authentication.
- Click Lock.
- Enable MSNT as an external directory service.
- In the Domain Controller Name table, add an entry for each domain controller. You can edit the following settings:
  - Domain Controller Name – Name of the primary domain controller, without the domain suffix. The name must be DNS-resolvable.
  - Domain Name – Name of the domain.
  - Domain Controller IP – IP address of the domain controller. If given, the IP address is used instead of the hostname.
- Click OK.
- If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list.
- Click Send Changes and Activate.
MSNT Authentication Through the Remote Management Tunnel
To allow remote F-Series Firewalls to connect to the authentication server through the remote management tunnel, you must activate the outbound BOX-AUTH-MGMT-NAT Host Firewall rule. By default, this rule is disabled.