aam authentication server windows¶

“Windows Server, using Kerberos or NTLM for authentication”

windows Specification¶

Parameter Value

Type Configuration Resource

Element Name windows

Element URI /axapi/v3/aam/authentication/server/windows

Element Attributes windows_attributes

Partition Visibility shared

Statistics Data URI /axapi/v3/aam/authentication/server/windows/stats

Operational Data URI /axapi/v3/aam/authentication/server/windows/oper

Schema windows schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/aam/authentication/server/windows	windows attributes
POST /axapi/v3/aam/authentication/server/windows Payload: { "windows": { "sampling-enable": [ { "counters1": "all" } ] } }
Get Object	GET	/axapi/v3/aam/authentication/server/windows	windows attributes
GET /axapi/v3/aam/authentication/server/windows Reponse: { "windows": { "uuid": "db201c44-6612-11d9-9a27-692335d4f00d", "sampling-enable": [ { "counters1": "all" } ], "a10-url": "/axapi/v3/aam/authentication/server/windows" } }
Modify Object	POST	/axapi/v3/aam/authentication/server/windows	windows attributes
Replace Object	PUT	/axapi/v3/aam/authentication/server/windows	windows attributes
PUT /axapi/v3/aam/authentication/server/windows Payload: { "windows": { "sampling-enable": [ { "counters1": "kerberos-request-send" } ] } }
Delete Object	DELETE	/axapi/v3/aam/authentication/server/windows	windows attributes
DELETE /axapi/v3/aam/authentication/server/windows Reponse: { "response": { "http-status": 200, "status": "OK", "msg": "Success" } }

windows attributes¶

instance-list

Type: List

Reference Object: /axapi/v3/aam/authentication/server/windows/instance/{name}

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘kerberos-request-send’: Total Kerberos Request; ‘kerberos-response-get’: Total Kerberos Response; ‘kerberos-timeout-error’: Total Kerberos Timeout; ‘kerberos-other-error’: Total Kerberos Other Error; ‘ntlm-authentication-success’: Total NTLM Authentication Success; ‘ntlm-authentication-failure’: Total NTLM Authentication Failure; ‘ntlm-proto-negotiation-success’: Total NTLM Protocol Negotiation Success; ‘ntlm-proto-negotiation-failure’: Total NTLM Protocol Negotiation Failure; ‘ntlm-session-setup-success’: Total NTLM Session Setup Success; ‘ntlm-session-setup-failed’: Total NTLM Session Setup Failure; ‘kerberos-request-normal’: Total Kerberos Normal Request; ‘kerberos-request-dropped’: Total Kerberos Dropped Request; ‘kerberos-response-success’: Total Kerberos Success Response; ‘kerberos-response-failure’: Total Kerberos Failure Response; ‘kerberos-response-error’: Total Kerberos Error Response; ‘kerberos-response-timeout’: Total Kerberos Timeout Response; ‘kerberos-response-other’: Total Kerberos Other Response; ‘kerberos-job-start-error’: Total Kerberos Job Start Error; ‘kerberos-polling-control-error’: Total Kerberos Polling Control Error; ‘ntlm-prepare-req-success’: Total NTLM Prepare Request Success; ‘ntlm-prepare-req-failed’: Total NTLM Prepare Request Failed; ‘ntlm-timeout-error’: Total NTLM Timeout; ‘ntlm-other-error’: Total NTLM Other Error; ‘ntlm-request-normal’: Total NTLM Normal Request; ‘ntlm-request-dropped’: Total NTLM Dropped Request; ‘ntlm-response-success’: Total NTLM Success Response; ‘ntlm-response-failure’: Total NTLM Failure Response; ‘ntlm-response-error’: Total NTLM Error Response; ‘ntlm-response-timeout’: Total NTLM Timeout Response; ‘ntlm-response-other’: Total NTLM Other Response; ‘ntlm-job-start-error’: Total NTLM Job Start Error; ‘ntlm-polling-control-error’: Total NTLM Polling Control Error; ‘kerberos-pw-expiry’: Total Kerberos password expiry; ‘kerberos-pw-change-success’: Total Kerberos password change success; ‘kerberos-pw-change-failure’: Total Kerberos password change failure; ‘kerberos-validate-kdc-success’: Total Kerberos KDC Validation Success; ‘kerberos-validate-kdc-failure’: Total Kerberos KDC Validation Failure; ‘kerberos-generate-kdc-keytab-success’: Total Kerberos KDC Keytab Generation Success; ‘kerberos-generate-kdc-keytab-failure’: Total Kerberos KDC Keytab Generation Failure; ‘kerberos-delete-kdc-keytab-success’: Total Kerberos KDC Keytab Deletion Success; ‘kerberos-delete-kdc-keytab-failure’: Total Kerberos KDC Keytab Deletion Failure; ‘kerberos-kdc-keytab-count’: Current Kerberos KDC Keytab Count;

Type: string

Supported Values: all, kerberos-request-send, kerberos-response-get, kerberos-timeout-error, kerberos-other-error, ntlm-authentication-success, ntlm-authentication-failure, ntlm-proto-negotiation-success, ntlm-proto-negotiation-failure, ntlm-session-setup-success, ntlm-session-setup-failed, kerberos-request-normal, kerberos-request-dropped, kerberos-response-success, kerberos-response-failure, kerberos-response-error, kerberos-response-timeout, kerberos-response-other, kerberos-job-start-error, kerberos-polling-control-error, ntlm-prepare-req-success, ntlm-prepare-req-failed, ntlm-timeout-error, ntlm-other-error, ntlm-request-normal, ntlm-request-dropped, ntlm-response-success, ntlm-response-failure, ntlm-response-error, ntlm-response-timeout, ntlm-response-other, ntlm-job-start-error, ntlm-polling-control-error, kerberos-pw-expiry, kerberos-pw-change-success, kerberos-pw-change-failure, kerberos-validate-kdc-success, kerberos-validate-kdc-failure, kerberos-generate-kdc-keytab-success, kerberos-generate-kdc-keytab-failure, kerberos-delete-kdc-keytab-success, kerberos-delete-kdc-keytab-failure, kerberos-kdc-keytab-count

instance-list¶

Specification Value

Type list

Block object keys

auth-protocol

Description: auth-protocol is a JSON Block. Please see below for instance-list_auth-protocol

Type: Object

health-check

Description Check server’s health status

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check and health-check-disable are mutually exclusive

health-check-disable

Description Disable configured health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: health-check-disable and health-check are mutually exclusive

health-check-string

Description Health monitor name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/health/monitor

host

Description: host is a JSON Block. Please see below for instance-list_host

Type: Object

name

Description Specify Windows authentication server name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

packet-capture-template

Description Name of the packet capture template to be bind with this object

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-auth-server-win-inst-tmpl

realm

Description Specify realm of Windows server

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

sampling-enable

Type: List

support-apacheds-kdc

Description Enable weak cipher (DES CRC/MD5/MD4) and merge AS-REQ in single packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description Specify connection timeout to server, default is 10 seconds

Type: number

Range: 1-255

Default: 10

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

instance-list_host¶

Specification Value

Type object

hostip

Description Specify the Windows server’s hostname(Length 1-31) or IP address

Type: string

Format: host

Maximum Length: 31 characters

Maximum Length: 1 characters

Mutual Exclusion: hostip and hostipv6 are mutually exclusive

hostipv6

Description Specify the Windows server’s IPV6 address

Type: string

Format: ipv6-address

Mutual Exclusion: hostipv6 and hostip are mutually exclusive

instance-list_sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘krb_send_req_success’: Kerberos Request; ‘krb_get_resp_success’: Kerberos Response; ‘krb_timeout_error’: Kerberos Timeout; ‘krb_other_error’: Kerberos Other Error; ‘krb_pw_expiry’: Kerberos password expiry; ‘krb_pw_change_success’: Kerberos password change success; ‘krb_pw_change_failure’: Kerberos password change failure; ‘ntlm_proto_nego_success’: NTLM Protocol Negotiation Success; ‘ntlm_proto_nego_failure’: NTLM Protocol Negotiation Failure; ‘ntlm_session_setup_success’: NTLM Session Setup Success; ‘ntlm_session_setup_failure’: NTLM Session Setup Failure; ‘ntlm_prepare_req_success’: NTLM Prepare Request Success; ‘ntlm_prepare_req_error’: NTLM Prepare Request Error; ‘ntlm_auth_success’: NTLM Authentication Success; ‘ntlm_auth_failure’: NTLM Authentication Failure; ‘ntlm_timeout_error’: NTLM Timeout; ‘ntlm_other_error’: NTLM Other Error; ‘krb_validate_kdc_success’: Kerberos KDC Validation Success; ‘krb_validate_kdc_failure’: Kerberos KDC Validation Failure;

Type: string

Supported Values: all, krb_send_req_success, krb_get_resp_success, krb_timeout_error, krb_other_error, krb_pw_expiry, krb_pw_change_success, krb_pw_change_failure, ntlm_proto_nego_success, ntlm_proto_nego_failure, ntlm_session_setup_success, ntlm_session_setup_failure, ntlm_prepare_req_success, ntlm_prepare_req_error, ntlm_auth_success, ntlm_auth_failure, ntlm_timeout_error, ntlm_other_error, krb_validate_kdc_success, krb_validate_kdc_failure

instance-list_auth-protocol¶

Specification Value

Type object

kdc-validate

Description Enable KDC validation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kerberos-disable

Description Disable Kerberos authentication protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kerberos-kdc-validation

Description: kerberos-kdc-validation is a JSON Block. Please see below for instance-list_auth-protocol_kerberos-kdc-validation

Type: Object

kerberos-password-change-port

Description Specify the Kerbros password change port, default is 464

Type: number

Range: 1-65534

Default: 464

kerberos-port

Description Specify the Kerberos port, default is 88

Type: number

Range: 1-65534

Default: 88

kport-hm

Description Check Kerberos port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: kport-hm and kport-hm-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

kport-hm-disable

Description Disable configured Kerberos port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: kport-hm-disable and kport-hm are mutually exclusive

ntlm-disable

Description Disable NTLM authentication protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ntlm-health-check

Description Check NTLM port’s health status

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ntlm-health-check and ntlm-health-check-disable are mutually exclusive

Reference Object: /axapi/v3/health/monitor

ntlm-health-check-disable

Description Disable configured NTLM port health check configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ntlm-health-check-disable and ntlm-health-check are mutually exclusive

ntlm-version

Description Specify NTLM version, default is 2

Type: number

Range: 1-2

Default: 2

instance-list_auth-protocol_kerberos-kdc-validation¶

Specification Value

Type object

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.)

kdc-account

Description Specify account for KDC validation

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

kdc-password

Description Specify account password

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

kdc-pwd

Description Account password

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

kdc-spn

Description Specify SPN for KDC validation

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters