aam authentication server windows instance¶
“Windows Server, using Kerberos or NTLM for authentication”
instance Specification¶
Type Collection Object Key(s) name Collection Name instance-list Collection URI /axapi/v3/aam/authentication/server/windows/instance Element Name instance Element URI /axapi/v3/aam/authentication/server/windows/instance/{name} Element Attributes instance_attributes Statistics Data URI /axapi/v3/aam/authentication/server/windows/instance/{name}/stats Schema instance schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/aam/authentication/server/windows/instance | ||
Create List | POST | /axapi/v3/aam/authentication/server/windows/instance | ||
Get Object | GET | /axapi/v3/aam/authentication/server/windows/instance/{name} | ||
Get List | GET | /axapi/v3/aam/authentication/server/windows/instance | ||
Modify Object | POST | /axapi/v3/aam/authentication/server/windows/instance/{name} | ||
Replace Object | PUT | /axapi/v3/aam/authentication/server/windows/instance/{name} | ||
Replace List | PUT | /axapi/v3/aam/authentication/server/windows/instance | ||
Delete Object | DELETE | /axapi/v3/aam/authentication/server/windows/instance/{name} |
instance-list¶
instance-list is JSON List of instance attributes
instance-list : [
]
instance attributes¶
auth-protocol
Description: auth-protocol is a JSON Block. Please see below for auth-protocol
Type: Object
health-check
Description Check server’s health status
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
health-check-string
Description Health monitor name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/health/monitor
host
Description: host is a JSON Block. Please see below for host
Type: Object
name
Description Specify Windows authentication server name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capture-template
Description Name of the packet capture template to be bind with this object
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-win-inst-tmpl
realm
Description Specify realm of Windows server
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
sampling-enable
Type: Listsupport-apacheds-kdc
Description Enable weak cipher (DES CRC/MD5/MD4) and merge AS-REQ in single packet
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Specify connection timeout to server, default is 10 seconds
Type: number
Range: 1-255
Default: 10
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
host¶
Specification Type object hostip
Description Specify the Windows server’s hostname(Length 1-31) or IP address
Type: string
Format: host
Maximum Length: 31 characters
Maximum Length: 1 characters
Mutual Exclusion: hostip and hostipv6 are mutually exclusive
hostipv6
Description Specify the Windows server’s IPV6 address
Type: string
Format: ipv6-address
Mutual Exclusion: hostipv6 and hostip are mutually exclusive
sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘krb_send_req_success’: Kerberos Request; ‘krb_get_resp_success’: Kerberos Response; ‘krb_timeout_error’: Kerberos Timeout; ‘krb_other_error’: Kerberos Other Error; ‘krb_pw_expiry’: Kerberos password expiry; ‘krb_pw_change_success’: Kerberos password change success; ‘krb_pw_change_failure’: Kerberos password change failure; ‘ntlm_proto_nego_success’: NTLM Protocol Negotiation Success; ‘ntlm_proto_nego_failure’: NTLM Protocol Negotiation Failure; ‘ntlm_session_setup_success’: NTLM Session Setup Success; ‘ntlm_session_setup_failure’: NTLM Session Setup Failure; ‘ntlm_prepare_req_success’: NTLM Prepare Request Success; ‘ntlm_prepare_req_error’: NTLM Prepare Request Error; ‘ntlm_auth_success’: NTLM Authentication Success; ‘ntlm_auth_failure’: NTLM Authentication Failure; ‘ntlm_timeout_error’: NTLM Timeout; ‘ntlm_other_error’: NTLM Other Error; ‘krb_validate_kdc_success’: Kerberos KDC Validation Success; ‘krb_validate_kdc_failure’: Kerberos KDC Validation Failure;
Type: string
Supported Values: all, krb_send_req_success, krb_get_resp_success, krb_timeout_error, krb_other_error, krb_pw_expiry, krb_pw_change_success, krb_pw_change_failure, ntlm_proto_nego_success, ntlm_proto_nego_failure, ntlm_session_setup_success, ntlm_session_setup_failure, ntlm_prepare_req_success, ntlm_prepare_req_error, ntlm_auth_success, ntlm_auth_failure, ntlm_timeout_error, ntlm_other_error, krb_validate_kdc_success, krb_validate_kdc_failure
auth-protocol¶
Specification Type object kdc-validate
Description Enable KDC validation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
kerberos-disable
Description Disable Kerberos authentication protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
kerberos-kdc-validation
Description: kerberos-kdc-validation is a JSON Block. Please see below for auth-protocol_kerberos-kdc-validation
Type: Object
kerberos-password-change-port
Description Specify the Kerbros password change port, default is 464
Type: number
Range: 1-65534
Default: 464
kerberos-port
Description Specify the Kerberos port, default is 88
Type: number
Range: 1-65534
Default: 88
kport-hm
Description Check Kerberos port’s health status
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: kport-hm and kport-hm-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
kport-hm-disable
Description Disable configured Kerberos port health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: kport-hm-disable and kport-hm are mutually exclusive
ntlm-disable
Description Disable NTLM authentication protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ntlm-health-check
Description Check NTLM port’s health status
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ntlm-health-check and ntlm-health-check-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
ntlm-health-check-disable
Description Disable configured NTLM port health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ntlm-health-check-disable and ntlm-health-check are mutually exclusive
ntlm-version
Description Specify NTLM version, default is 2
Type: number
Range: 1-2
Default: 2
auth-protocol_kerberos-kdc-validation¶
Specification Type object encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.)kdc-account
Description Specify account for KDC validation
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
kdc-password
Description Specify account password
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
kdc-pwd
Description Account password
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
kdc-spn
Description Specify SPN for KDC validation
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
stats data¶
| Counter | Size | Description | |
|---|---|---|---|
| krb_send_req_success | 8 | Kerberos Request | |
| ntlm_other_error | 8 | NTLM Other Error | |
| ntlm_auth_success | 8 | NTLM Authentication Success | |
| krb_timeout_error | 8 | Kerberos Timeout | |
| ntlm_prepare_req_error | 8 | NTLM Prepare Request Error | |
| krb_validate_kdc_success | 8 | Kerberos KDC Validation Success | |
| ntlm_auth_failure | 8 | NTLM Authentication Failure | |
| krb_validate_kdc_failure | 8 | Kerberos KDC Validation Failure | |
| krb_pw_change_success | 8 | Kerberos password change success | |
| ntlm_session_setup_success | 8 | NTLM Session Setup Success | |
| ntlm_timeout_error | 8 | NTLM Timeout | |
| krb_other_error | 8 | Kerberos Other Error | |
| ntlm_proto_nego_failure | 8 | NTLM Protocol Negotiation Failure | |
| krb_pw_expiry | 8 | Kerberos password expiry | |
| ntlm_session_setup_failure | 8 | NTLM Session Setup Failure | |
| krb_pw_change_failure | 8 | Kerberos password change failure | |
| krb_get_resp_success | 8 | Kerberos Response | |
| ntlm_proto_nego_success | 8 | NTLM Protocol Negotiation Success | |
| ntlm_prepare_req_success | 8 | NTLM Prepare Request Success |