Content Gateway Security > Content Gateway user authentication > Legacy NTLM authentication
|
This implementation of NTLM support (Legacy NTLM) relies solely on the NTLMSSP protocol. Although it performs reliably as documented in this section, it is highly recommended that the Integrated Windows Authentication mode be used instead. It provides more robust and secure support for NTLM.
|
1.
|
WINS resolution is not supported. Domain controllers must have host names that can be resolved by a DNS server.
|
2.
|
Extended security is not supported and cannot be enabled on the domain controller.
|
3.
|
NTLM2 session security is not supported and cannot be enabled on clients. In the Security Settings area of the Windows operating system, inspect the Network Security: Minimum session security settings.
|
4.
|
NTLMv2 is not supported with Active Directory 2008. The required Network Security: LAN Manager Authentication setting is described in step 5 of Configuring NTLM proxy authentication, below.
|
1.
|
Go to Configure > My Proxy > Basic > General.
|
2.
|
4.
|
Go to Configure > Security > Access Control > Legacy NTLM.
|
5.
|
In the Domain Controller Hostnames field, enter the hostname of the primary domain controller, followed, optionally, by a comma separated list of backup domain controllers. The format of the hostname must be:
|
If you are using Active Directory 2008, you must include the netbios_name or use SMB port 445. If you do not use port 445, you must ensure that the Windows Network File Sharing service is running on the Active Directory server. See your Windows Server 2008 documentation for details.
|
If you are using Active Directory 2008, in the Windows Network Security configuration, LAN Manager Authentication level must be set to Send NTLM response only. See your Windows Server 2008 documentation for details.
|
6.
|
Enable Load Balancing if you want the proxy to balance the load when sending authentication requests to multiple domain controllers.
|
7.
|
Content Gateway Security > Content Gateway user authentication > Legacy NTLM authentication
|