You cannot change the authentication method after you have created a Site; however, if you need to change the authentication options, you can do so on the General tab of the Site. After you change the options, you must manually refresh the Administrator interface. Any users logged on to the Site will be disconnected if you change the AD configuration and click OK, because the Site will stop and then restart. If you remove a logged-on user account from AD, the account is not removed from the interface until after they log off and you refresh the interface.
To edit the AD authentication options for a Site
In the Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Site you want to configure.
In the right pane, click the General tab.
Next to the User auth manager box, click Configure. The Windows NT Authentication Options dialog box appears.
To specify that the user list is to be updated automatically, select the Enable Automatic Refresh every check box, then specify how often you want EFT Server to check the authentication database for new users. Clear the check box if you do not want the Site's user list to refresh automatically
When you created the Site, you specified either Active Directory or NTLM Authentication. If you need to change this, click the appropriate option to match the authentication method used on EFT Server's domain. (Authentication is done with the LogonUser() function. The operating system determines which method to use for authentication, such as Kerberos, NTLM2, etc.)
Active Directory - EFT Server queries the domain controller for a list of users and groups.
NTLM Authentication - EFT Server queries the local system to get the list of users and groups.
In the Domain Context area, do one of the following:
Click Use default if you want to use the authentication database from the computer's current domain.
Click Custom, then in the Context box, provide the domain name that contains the authentication database.
In the Allow access to the following group area, do one of the following:
To allow access to every user in the domain's database, click Everyone.
To allow access to only a specific AD Group, click Custom, then in the box, type the AD Group name for users that will have access to the Server.
In the Use this user attribute as the logon name box, click the list to specify the attribute to use (only available when AD authentication is selected):
NT 4 Account Name - Domain name (e.g., "globalscape\bsmith" or "bsmith")
Display Name - (DN) When a new user is created in Active Directory, the Full name field is always generated in FirstName LastName format (but can be changed manually). This field sets the Display Name field upon account creation.
User Principal Name - (UPN) Login name in e-mail format. For example, your_user_name@mycompany.com
Common Name - (CN) Dynamic name. Usually the same as Display Name. However if Display Name is blank, then it will be NT4 account name.
In the When creating home folders for newly added users area, specify whether you want the Site to Create a virtual folder pointing to the user's home folder as defined by AD or Create a physical folder under the site root folder using the user's login name.
To verify your settings, click Test. The AD Query dialog box appears and EFT Server attempts to connect to the domain controller to get the user list. If it is successful, the list of registered users appears in the tree under the Settings Level. To close the dialog box, click Close or press ESC.
Click OK to save the settings. Any users who were logged in to the Site will be disconnected, because the Site will stop and then restart.
Click Apply to save the changes on EFT Server.