.. _aam_authentication_server_windows:
aam authentication server windows
=================================
"Windows Server, using Kerberos or NTLM for authentication"
windows Specification
---------------------
===================================== ==========================================================================
**Parameter** **Value**
===================================== ==========================================================================
**Type** *Configuration Resource*
**Element Name** windows
**Element URI** /axapi/v3/aam/authentication/server/windows
**Element Attributes** windows_attributes
**Partition Visibility** shared
**Statistics Data URI** /axapi/v3/aam/authentication/server/windows/stats
**Operational Data URI** /axapi/v3/aam/authentication/server/windows/oper
**Schema** :download:`windows schema <aam-authentication-server-windows/aam-authentication-server-windows.txt>`
===================================== ==========================================================================
**Operations Allowed:**
.. raw:: html
<script type="text/javascript">
function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
</script>
<table width='90%' style='margin-left:5%'>
.. raw:: html
<tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>
.. raw:: html
<tr style='border-bottom: thin solid;'><td valign = 'top'>
Create Object
.. raw:: html
</td><td valign = 'top'>
POST
.. raw:: html
</td><td valign = 'top'>
/axapi/v3/aam/authentication/server/windows
.. raw:: html
</td><td valign = 'top'>
:ref:`99_windows_attributes`
.. raw:: html
</td><td><button id='post_eg' onClick="showExample('post')">example</button> <button id='post_cl' onClick="closeExample('post')" style='display:none'>close</button></td></tr>
.. raw:: html
<tr><td colspan=5 style='padding: 0 % 0 %;' valign = 'top'><div id='post_div' style='display:none'>
.. include:: ../artifacts/aam_authentication_server_windows_POST.txt
:literal:
.. raw:: html
</div></td></tr>
.. raw:: html
<tr style='border-bottom: thin solid;'><td valign = 'top'>
Get Object
.. raw:: html
</td><td valign = 'top'>
GET
.. raw:: html
</td><td valign = 'top'>
/axapi/v3/aam/authentication/server/windows
.. raw:: html
</td><td valign = 'top'>
:ref:`99_windows_attributes`
.. raw:: html
</td><td><button id='get_eg' onClick="showExample('get')">example</button> <button id='get_cl' onClick="closeExample('get')" style='display:none'>close</button></td></tr>
.. raw:: html
<tr><td colspan=5 style='padding: 0 % 0 %;' valign = 'top'><div id='get_div' style='display:none'>
.. include:: ../artifacts/aam_authentication_server_windows_GET.txt
:literal:
.. raw:: html
</div></td></tr>
.. raw:: html
<tr style='border-bottom: thin solid;'><td valign = 'top'>
Modify Object
.. raw:: html
</td><td valign = 'top'>
POST
.. raw:: html
</td><td valign = 'top'>
/axapi/v3/aam/authentication/server/windows
.. raw:: html
</td><td valign = 'top'>
:ref:`99_windows_attributes`
.. raw:: html
</td><td></td></tr>
.. raw:: html
<tr style='border-bottom: thin solid;'><td valign = 'top'>
Replace Object
.. raw:: html
</td><td valign = 'top'>
PUT
.. raw:: html
</td><td valign = 'top'>
/axapi/v3/aam/authentication/server/windows
.. raw:: html
</td><td valign = 'top'>
:ref:`99_windows_attributes`
.. raw:: html
</td><td><button id='put_eg' onClick="showExample('put')">example</button> <button id='put_cl' onClick="closeExample('put')" style='display:none'>close</button></td></tr>
.. raw:: html
<tr><td colspan=5 style='padding: 0 % 0 %;' valign = 'top'><div id='put_div' style='display:none'>
.. include:: ../artifacts/aam_authentication_server_windows_PUT.txt
:literal:
.. raw:: html
</div></td></tr>
.. raw:: html
<tr style='border-bottom: thin solid;'><td valign = 'top'>
Delete Object
.. raw:: html
</td><td valign = 'top'>
DELETE
.. raw:: html
</td><td valign = 'top'>
/axapi/v3/aam/authentication/server/windows
.. raw:: html
</td><td valign = 'top'>
:ref:`99_windows_attributes`
.. raw:: html
</td><td><button id='delete_eg' onClick="showExample('delete')">example</button> <button id='delete_cl' onClick="closeExample('delete')" style='display:none'>close</button></td></tr>
.. raw:: html
<tr><td colspan=5 style='padding: 0 % 0 %;' valign = 'top'><div id='delete_div' style='display:none'>
.. include:: ../artifacts/aam_authentication_server_windows_DELETE.txt
:literal:
.. raw:: html
</div></td></tr>
.. raw:: html
</table>
.. _99_windows_attributes:
windows attributes
------------------
**instance-list**
**Type:** List
**Reference Object:** :doc:`/axapi/v3/aam/authentication/server/windows/instance/{name} <aam_authentication_server_windows_instance>`
**sampling-enable**
**Type:** List
**uuid**
**Description** uuid of the object
**Type:** string
**Maximum Length:** 64 characters
**Maximum Length:** 1 characters
.. _99_sampling-enable:
sampling-enable
^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**counters1**
**Description** 'all': all; 'kerberos-request-send': Total Kerberos Request; 'kerberos-response-get': Total Kerberos Response; 'kerberos-timeout-error': Total Kerberos Timeout; 'kerberos-other-error': Total Kerberos Other Error; 'ntlm-authentication-success': Total NTLM Authentication Success; 'ntlm-authentication-failure': Total NTLM Authentication Failure; 'ntlm-proto-negotiation-success': Total NTLM Protocol Negotiation Success; 'ntlm-proto-negotiation-failure': Total NTLM Protocol Negotiation Failure; 'ntlm-session-setup-success': Total NTLM Session Setup Success; 'ntlm-session-setup-failed': Total NTLM Session Setup Failure; 'kerberos-request-normal': Total Kerberos Normal Request; 'kerberos-request-dropped': Total Kerberos Dropped Request; 'kerberos-response-success': Total Kerberos Success Response; 'kerberos-response-failure': Total Kerberos Failure Response; 'kerberos-response-error': Total Kerberos Error Response; 'kerberos-response-timeout': Total Kerberos Timeout Response; 'kerberos-response-other': Total Kerberos Other Response; 'kerberos-job-start-error': Total Kerberos Job Start Error; 'kerberos-polling-control-error': Total Kerberos Polling Control Error; 'ntlm-prepare-req-success': Total NTLM Prepare Request Success; 'ntlm-prepare-req-failed': Total NTLM Prepare Request Failed; 'ntlm-timeout-error': Total NTLM Timeout; 'ntlm-other-error': Total NTLM Other Error; 'ntlm-request-normal': Total NTLM Normal Request; 'ntlm-request-dropped': Total NTLM Dropped Request; 'ntlm-response-success': Total NTLM Success Response; 'ntlm-response-failure': Total NTLM Failure Response; 'ntlm-response-error': Total NTLM Error Response; 'ntlm-response-timeout': Total NTLM Timeout Response; 'ntlm-response-other': Total NTLM Other Response; 'ntlm-job-start-error': Total NTLM Job Start Error; 'ntlm-polling-control-error': Total NTLM Polling Control Error; 'kerberos-pw-expiry': Total Kerberos password expiry; 'kerberos-pw-change-success': Total Kerberos password change success; 'kerberos-pw-change-failure': Total Kerberos password change failure; 'kerberos-validate-kdc-success': Total Kerberos KDC Validation Success; 'kerberos-validate-kdc-failure': Total Kerberos KDC Validation Failure; 'kerberos-generate-kdc-keytab-success': Total Kerberos KDC Keytab Generation Success; 'kerberos-generate-kdc-keytab-failure': Total Kerberos KDC Keytab Generation Failure; 'kerberos-delete-kdc-keytab-success': Total Kerberos KDC Keytab Deletion Success; 'kerberos-delete-kdc-keytab-failure': Total Kerberos KDC Keytab Deletion Failure; 'kerberos-kdc-keytab-count': Current Kerberos KDC Keytab Count;
**Type:** string
**Supported Values:** all, kerberos-request-send, kerberos-response-get, kerberos-timeout-error, kerberos-other-error, ntlm-authentication-success, ntlm-authentication-failure, ntlm-proto-negotiation-success, ntlm-proto-negotiation-failure, ntlm-session-setup-success, ntlm-session-setup-failed, kerberos-request-normal, kerberos-request-dropped, kerberos-response-success, kerberos-response-failure, kerberos-response-error, kerberos-response-timeout, kerberos-response-other, kerberos-job-start-error, kerberos-polling-control-error, ntlm-prepare-req-success, ntlm-prepare-req-failed, ntlm-timeout-error, ntlm-other-error, ntlm-request-normal, ntlm-request-dropped, ntlm-response-success, ntlm-response-failure, ntlm-response-error, ntlm-response-timeout, ntlm-response-other, ntlm-job-start-error, ntlm-polling-control-error, kerberos-pw-expiry, kerberos-pw-change-success, kerberos-pw-change-failure, kerberos-validate-kdc-success, kerberos-validate-kdc-failure, kerberos-generate-kdc-keytab-success, kerberos-generate-kdc-keytab-failure, kerberos-delete-kdc-keytab-success, kerberos-delete-kdc-keytab-failure, kerberos-kdc-keytab-count
.. _99_instance-list:
instance-list
^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**auth-protocol**
**Description:** auth-protocol is a **JSON Block**. Please see below for :ref:`99_instance-list_auth-protocol`
**Type:** Object
**health-check**
**Description** Check server's health status
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** health-check and health-check-disable are mutually exclusive
**health-check-disable**
**Description** Disable configured health check configuration
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** health-check-disable and health-check are mutually exclusive
**health-check-string**
**Description** Health monitor name
**Type:** string
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**Reference Object:** :doc:`/axapi/v3/health/monitor <health_monitor>`
**host**
**Description:** host is a **JSON Block**. Please see below for :ref:`99_instance-list_host`
**Type:** Object
**name**
**Description** Specify Windows authentication server name
**Type:** string
**Format:** string-rlx
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**packet-capture-template**
**Description** Name of the packet capture template to be bind with this object
**Type:** string
**Maximum Length:** 128 characters
**Maximum Length:** 1 characters
**Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-win-inst-tmpl <visibility_packet_capture_object_templates_aam_auth_server_win_inst_tmpl>`
**realm**
**Description** Specify realm of Windows server
**Type:** string
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**sampling-enable**
**Type:** List
**support-apacheds-kdc**
**Description** Enable weak cipher (DES CRC/MD5/MD4) and merge AS-REQ in single packet
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**timeout**
**Description** Specify connection timeout to server, default is 10 seconds
**Type:** number
**Range:** 1-255
**Default:** 10
**uuid**
**Description** uuid of the object
**Type:** string
**Maximum Length:** 64 characters
**Maximum Length:** 1 characters
.. _99_instance-list_host:
instance-list_host
^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *object*
=============================== ===================================================
**hostip**
**Description** Specify the Windows server's hostname(Length 1-31) or IP address
**Type:** string
**Format:** host
**Maximum Length:** 31 characters
**Maximum Length:** 1 characters
**Mutual Exclusion:** hostip and hostipv6 are mutually exclusive
**hostipv6**
**Description** Specify the Windows server's IPV6 address
**Type:** string
**Format:** ipv6-address
**Mutual Exclusion:** hostipv6 and hostip are mutually exclusive
.. _99_instance-list_sampling-enable:
instance-list_sampling-enable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *list*
**Block object keys**
=============================== ===================================================
**counters1**
**Description** 'all': all; 'krb_send_req_success': Kerberos Request; 'krb_get_resp_success': Kerberos Response; 'krb_timeout_error': Kerberos Timeout; 'krb_other_error': Kerberos Other Error; 'krb_pw_expiry': Kerberos password expiry; 'krb_pw_change_success': Kerberos password change success; 'krb_pw_change_failure': Kerberos password change failure; 'ntlm_proto_nego_success': NTLM Protocol Negotiation Success; 'ntlm_proto_nego_failure': NTLM Protocol Negotiation Failure; 'ntlm_session_setup_success': NTLM Session Setup Success; 'ntlm_session_setup_failure': NTLM Session Setup Failure; 'ntlm_prepare_req_success': NTLM Prepare Request Success; 'ntlm_prepare_req_error': NTLM Prepare Request Error; 'ntlm_auth_success': NTLM Authentication Success; 'ntlm_auth_failure': NTLM Authentication Failure; 'ntlm_timeout_error': NTLM Timeout; 'ntlm_other_error': NTLM Other Error; 'krb_validate_kdc_success': Kerberos KDC Validation Success; 'krb_validate_kdc_failure': Kerberos KDC Validation Failure;
**Type:** string
**Supported Values:** all, krb_send_req_success, krb_get_resp_success, krb_timeout_error, krb_other_error, krb_pw_expiry, krb_pw_change_success, krb_pw_change_failure, ntlm_proto_nego_success, ntlm_proto_nego_failure, ntlm_session_setup_success, ntlm_session_setup_failure, ntlm_prepare_req_success, ntlm_prepare_req_error, ntlm_auth_success, ntlm_auth_failure, ntlm_timeout_error, ntlm_other_error, krb_validate_kdc_success, krb_validate_kdc_failure
.. _99_instance-list_auth-protocol:
instance-list_auth-protocol
^^^^^^^^^^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *object*
=============================== ===================================================
**kdc-validate**
**Description** Enable KDC validation
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**kerberos-disable**
**Description** Disable Kerberos authentication protocol
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**kerberos-kdc-validation**
**Description:** kerberos-kdc-validation is a **JSON Block**. Please see below for :ref:`99_instance-list_auth-protocol_kerberos-kdc-validation`
**Type:** Object
**kerberos-password-change-port**
**Description** Specify the Kerbros password change port, default is 464
**Type:** number
**Range:** 1-65534
**Default:** 464
**kerberos-port**
**Description** Specify the Kerberos port, default is 88
**Type:** number
**Range:** 1-65534
**Default:** 88
**kport-hm**
**Description** Check Kerberos port's health status
**Type:** string
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**Mutual Exclusion:** kport-hm and kport-hm-disable are mutually exclusive
**Reference Object:** :doc:`/axapi/v3/health/monitor <health_monitor>`
**kport-hm-disable**
**Description** Disable configured Kerberos port health check configuration
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** kport-hm-disable and kport-hm are mutually exclusive
**ntlm-disable**
**Description** Disable NTLM authentication protocol
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**ntlm-health-check**
**Description** Check NTLM port's health status
**Type:** string
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**Mutual Exclusion:** ntlm-health-check and ntlm-health-check-disable are mutually exclusive
**Reference Object:** :doc:`/axapi/v3/health/monitor <health_monitor>`
**ntlm-health-check-disable**
**Description** Disable configured NTLM port health check configuration
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**Mutual Exclusion:** ntlm-health-check-disable and ntlm-health-check are mutually exclusive
**ntlm-version**
**Description** Specify NTLM version, default is 2
**Type:** number
**Range:** 1-2
**Default:** 2
.. _99_instance-list_auth-protocol_kerberos-kdc-validation:
instance-list_auth-protocol_kerberos-kdc-validation
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
=============================== ===================================================
**Specification** **Value**
=============================== ===================================================
**Type** *object*
=============================== ===================================================
**encrypted**
**Description** Do NOT use this option manually. (This is an A10 reserved keyword.)
**kdc-account**
**Description** Specify account for KDC validation
**Type:** string
**Format:** string-rlx
**Maximum Length:** 127 characters
**Maximum Length:** 1 characters
**kdc-password**
**Description** Specify account password
**Type:** boolean
**Supported Values:** true, false, 1, 0
**Default:** 0
**kdc-pwd**
**Description** Account password
**Type:** string
**Format:** password
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters
**kdc-spn**
**Description** Specify SPN for KDC validation
**Type:** string
**Format:** string-rlx
**Maximum Length:** 63 characters
**Maximum Length:** 1 characters