Configuring Legacy NTLM authentication

Steps

  1. Go to Configure > My Proxy > Basic > General.
  2. In the Authentication section, click Legacy NTLM On, and click Apply.
  3. Configure the Global authentication options.
  4. Go to Configure > Security > Access Control > Legacy NTLM.
  5. In the Domain Controller Hostnames field, enter the hostname of the primary domain controller, optionally followed by a comma-separated list of backup domain controllers. The format of the hostname must be:

    host_name[:port][%netbios_name]

    or

    IP_address[:port][%netbios_name]

    Note:

    If you are using Active Directory 2008, you must include the netbios_name or use SMB port 445. If you do not use port 445, you must ensure that the Windows Network File Sharing service is running on the Active Directory server. See your Windows Server 2008 documentation for details.

    If you are using Active Directory 2008, in the Windows Network Security configuration, LAN Manager Authentication level must be set to Send NTLM response only. See your Windows Server 2008 documentation for details.

  6. Enable Load Balancing if you want the proxy to balance the load when sending authentication requests to multiple domain controllers.
    Note: When multiple domain controllers are specified and the load on the primary domain controller reaches the maximum number of connections allowed, new requests are sent to a secondary domain controller, even if load balancing is disabled. This is a short-term failover provision that lasts until the primary domain controller can accept new connections.
  7. Click Apply and restart Content Gateway (Configure > My Proxy > Basic > General).
    Optionally, you can configure Content Gateway to allow certain clients to access specific sites on the Internet without being authenticated by the NTLM server (see Access Control).
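
As an added example (not Content Gateway code), the following Python sketch checks a Domain Controller Hostnames value from step 5 against the documented host[:port][%netbios_name] format and flags entries that fall under the Active Directory 2008 note (no netbios_name and no explicit port 445). The function names, the sample value, the IPv4-only handling and the 15-character NetBIOS name limit are assumptions of this example; the product's own validation may differ.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# host[:port][%netbios_name], as documented in step 5.
_ENTRY = re.compile(r"^(?P<host>[^:%\s]+)(?::(?P<port>\d+))?(?:%(?P<nb>[^:%\s]+))?$")
# Constructed sample value using documentation-range names and addresses.
SAMPLE = "dc1.example.test:445, 192.0.2.10%DC2, dc3.example.test, dc4.example.test:70000"


def _valid_host(host):
    if re.fullmatch(r"[0-9.]+", host):  # numeric: must be a real IPv4 address
        try:
            ipaddress.IPv4Address(host)
            return True
        except ValueError:
            return False
    return len(host) <= 253 and all(_LABEL.match(l) for l in host.split("."))


def parse_dc_field(value):
    """Return (entries, problems) for a Domain Controller Hostnames value."""
    entries, problems = [], []
    for i, raw in enumerate(value.split(",")):
        item = raw.strip()
        m = _ENTRY.match(item)
        if not m or not _valid_host(m["host"]):
            problems.append(f"{item!r}: not host[:port][%netbios_name]")
            continue
        port = int(m["port"]) if m["port"] else None
        if port is not None and not 1 <= port <= 65535:
            problems.append(f"{item!r}: port out of range")
            continue
        nb = m["nb"]
        if nb and len(nb) > 15:  # assumed limit: NetBIOS names are <= 15 chars
            problems.append(f"{item!r}: netbios_name longer than 15 characters")
            continue
        entries.append({"host": m["host"], "port": port, "netbios": nb,
                        "role": "primary" if i == 0 else "backup"})
        # AD 2008 note: include the netbios_name or use SMB port 445.
        if nb is None and port != 445:
            problems.append(f"{item!r}: AD 2008 needs netbios_name or port 445")
    return entries, problems


if __name__ == "__main__":
    print("\n".join(parse_dc_field(SAMPLE)[1]))
```

The first entry in the list is reported as the primary domain controller and the rest as backups, matching the order described in step 5.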