Automatic user authentication using NTLM – Kerio Tech Firewall6 User Manual


Note: The method described above includes a complete “clone” of WinRoute on a new host. Some of the steps are optional — for example, if you do not wish to keep the current statistics, do not copy the star subdirectory.

25.2 Automatic user authentication using NTLM

WinRoute supports automatic user authentication by the NTLM method (authentication from Web browsers). Users who have already authenticated to the domain are not asked for a username and password.

This chapter describes in detail the conditions and configuration settings required for NTLM to function correctly.

General conditions

The following conditions apply to this authentication method:

1. The WinRoute Firewall Engine is running as a service, or it is running under a user account with administrator rights to the WinRoute host.

2. The server (i.e. the WinRoute host) belongs to a corresponding Windows NT or Active Directory (Windows 2000/2003/2008) domain.

3. The client host belongs to the domain.

4. The user at the client host is required to authenticate to this domain (i.e. local user accounts cannot be used for this purpose).

5. The NT domain / Kerberos 5 authentication method (see chapter 15.1) must be set for the corresponding user account under WinRoute. NTLM cannot be used for authentication in the internal database.

WinRoute Configuration

NTLM authentication of users from web browsers must be enabled in Users Authentication Options. User authentication should be required when attempting to access web pages, otherwise enabling NTLM authentication is meaningless.

User authentication in the corresponding NT domain must be enabled.

For local user accounts (including accounts imported manually or automatically from the domain) — at the bottom of the Authentication Options tab, NT authentication must be enabled and the corresponding NT domain must be set (e.g. COMPANY).
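A troubleshooting aid for conditions 3 and 4 and for the NT domain setting above, added here as an example and not taken from the Kerio manual or from WinRoute: it decodes the base64 NTLM type 3 (AUTHENTICATE) token a browser sends and checks whether the offered domain matches the configured one (e.g. COMPANY). The function names, the cp437 fallback, the 64-byte header layout and the sample token are assumptions, and treating a domain field equal to the workstation name as a local account is a heuristic.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE: strings are UTF-16LE

def _field(msg, pos, enc):
    # Each field descriptor is (length, max length, payload offset).
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length].decode(enc, errors="replace")

def parse_authenticate(token_b64):
    """Decode a base64 NTLM AUTHENTICATE (type 3) token into identity fields."""
    msg = base64.b64decode(token_b64, validate=True)
    if len(msg) < 64 or msg[:8] != SIG:
        raise ValueError("not an NTLMSSP message")
    msg_type, = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        raise ValueError(f"expected message type 3, got {msg_type}")
    flags, = struct.unpack_from("<I", msg, 60)
    # Assumption: cp437 stands in for the client's OEM code page.
    enc = "utf-16-le" if flags & UNICODE else "cp437"
    return {"domain": _field(msg, 28, enc), "user": _field(msg, 36, enc),
            "workstation": _field(msg, 44, enc)}

def check_identity(token_b64, expected_domain):
    """Return (ok, reason) for the identity the browser offered."""
    ident = parse_authenticate(token_b64)
    domain = ident["domain"].upper()
    if domain == expected_domain.upper():
        return True, f"{ident['user']} offered domain {ident['domain']}"
    if domain == ident["workstation"].upper():
        return False, "local account: domain field equals the workstation name"
    return False, f"unexpected domain {ident['domain']!r}"

def build_sample(domain, user, workstation):
    """Constructed type 3 message (empty responses) for offline testing."""
    header, payload, offset = b"", b"", 64
    for text in (domain, user, workstation):
        raw = text.encode("utf-16-le")
        header += struct.pack("<HHI", len(raw), len(raw), offset)
        payload += raw
        offset += len(raw)
    empty = struct.pack("<HHI", 0, 0, 64)
    msg = (SIG + struct.pack("<I", 3) + empty * 2 + header + empty
           + struct.pack("<I", UNICODE) + payload)
    return base64.b64encode(msg).decode()
```

The token is the value that follows `NTLM ` in the browser's third request of the handshake, as seen in a packet capture or proxy debug log.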
