Manual Chapter : About AD Auth
Applies To:Show Versions
- 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
About AD Auth
An AD Auth action authenticates a user against an AAA Active Directory server. An authentication action typically follows a logon action that collects credentials.
When configured in a per-request policy subroutine, some screen elements and options described here might not be available.
- Specifies Authentication, the type of this Active Directory action.
- Specifies an Active Directory server; servers are defined in thearea of the Configuration utility.
- Cross Domain Support
- Specifies whether AD cross domain authentication support is enabled for this action.
- Complexity check for Password Reset
- Specifies whether Access Policy Manager (APM) performs a password policy check. APM supports these Active Directory password policies:
Because this option might require administrative privileges, the administrator name and password might be required on the AAA Active Directory server configuration page.Enabling this option increases overall authentication traffic significantly because APM must retrieve password policies using LDAP protocol and must retrieve user information during the authentication process to properly check the new password.
- Maximum password age
- Minimum password age
- Minimum password length
- Password must meet complexity requirements
- Show Extended Error
- When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)
- Max Logon Attempts Allowed
- Specifies the number of user authentication logon attempts to allow. A complete logon and password challenge and response is considered as one attempt.For a per-request policy subroutine, equivalent functionality is supported through subroutine settings.
- Max Password Reset Attempts Allowed
- Specifies the number of times that APM allows the user to try to reset password.