Note: This topic applies to the Hearst Release.
Global authentication settings determine the common behavior, irrespective of the authentication method used, such as, login time out and debug level.
|1.||Go to Services > Authentication > Settings.|
|2.||Configure the following:|
|•||Login timeout (minutes) — Determines the inactivity period after which the user is logged out. The default time out is
Setting a short login time out increases the load on the machine, particularly when using transparent NTLM (see Creating Authentication Policies) or SSL (see Using SSL Authentication) login methods. It also increases the rate of re-authentication requests.
Setting a long login time out may enable unauthorized users to access the network if users leave computers without actively logging out.
The behavior of some authentication mechanisms is automatically adjusted by the time out period. For example, the SSL Login refresh rate updates to ensure that authenticated users do not time-out — see Managing Authentication Policies.
Tip: You should encourage users to proactively log out of the system to ensure that other users of their workstation cannot assume their privileges if Login timeout (minutes) is yet to occur.
|•||Concurrent login sessions (per user) — Determines the number of log in attempts allowed per user.|
You can either choose to have No limit on the number of attempts, or enter the number of attempts allowed.
|•||Logging level — Determines the level of authentication logging. Valid choices are:|
Normal – Logs user login and LDAP server information
Verbose – As Normal, but also request, response and result information. This is useful when troubleshooting possible authentication issues.
|•||Normalize usernames — Determines whether all variations of username and domain are normalized into the same format. For example, Active Directory prefers DOMAIN
The Smoothwall stores the user-supplied username in the configured directory server’s preferred format. This reduces the number of possible forms of a username to one, preventing users circumventing temporary bans by using a different format of username for example. For a detailed description of each preferred format, see About Directory Services .
If you are migrating configuration from another Smoothwall installation, this setting is disabled by default to prevent log-searches and username-based reports from not working, and ensuring any temporary bans before the migration still apply. If required, this feature can then be enabled at a convenient time.
Unless BYOD clients require access to other parts of your internal network through the Smoothwall, it is recommended you turn this option off.
|3.||Click Save changes.|