NTLM

Configuration Variable Data Type Description
proxy.config.ntlm.auth.enabled INT

Default: 0

Enables (1) or disables (0) NTLM proxy authentication.

proxy.config.ntlm.dc.list STRING

Default: NULL

A comma-separated list of domain controller hostnames. The format is:

host_name[:port] [%netbios_name]

or

IP_address[:port] [%netbios_name]

If you are using Active Directory 2008, you must include the netbios_name or use SMB port 445.

proxy.config.ntlm.dc.load_balance INT

Default: 0

Enables (1) or disables (0) load balancing. When enabled, Content Gateway balances the load when sending authentication requests to the domain controllers.

Note: When multiple domain controllers are specified and load balancing is disabled, new requests are still sent to a secondary domain controller once the load on the primary domain controller reaches the maximum number of connections allowed. This is a short-term failover provision that lasts until the primary domain controller can accept new connections.

proxy.config.ntlm.dc.max_connections INT

Default: 10

Specifies the maximum number of connections Content Gateway can have open to the domain controller.

proxy.config.ntlm.cache.enabled INT

Default: 1

Enables (1) or disables (0) the NTLM cache. Applies only when Content Gateway is an explicit proxy.

When disabled, Content Gateway does not store any credentials in the NTLM cache for future use. Content Gateway always sends the credentials to the domain server to be validated.

proxy.config.ntlm.cache.ttl_value INT

Default: 900

Specifies the number of seconds that Content Gateway stores entries in the NTLM cache. The supported range of values is 300 to 86400 seconds.

proxy.config.ntlm.cache.size INT

Default: 5000

Specifies the number of entries allowed in the NTLM cache.

proxy.config.ntlm.cache.storage_size INT

Default: 15728640

Specifies the maximum amount of space that the NTLM cache can occupy on disk. This value should be proportionate to the number of entries in the NTLM cache. For example, if each entry in the NTLM cache is approximately 128 bytes and the number of entries allowed in the NTLM cache is 5000, the cache storage size should be at least 64000 bytes.

proxy.config.ntlm.cache_exception.list STRING

Default: NULL

Holds the list of IP addresses and IP address ranges that will not be cached. This variable gets its value from the Content Gateway manager NTLM Multi-Host IP addresses field.

The exception list is a comma-separated list that can contain up to:

  • 64 IPv4 addresses
  • 32 IPv4 address ranges
  • 24 IPv6 addresses
  • 12 IPv6 address ranges

proxy.config.ntlm.fail_open INT

Default: 1

Specifies whether client requests are allowed (1) or not allowed (0) to proceed when authentication fails due to:

  • no response from the domain controller
  • badly formed messages from the client
  • invalid SMB responses

Note: Password authentication failures are always failures.

proxy.config.ntlm.check_account_passwd INT

Default: 0

Enables (1) or disables (0) the creation of a log file entry when users are locked out after multiple failed password errors. The filter.config file can be edited for user agents causing the lockout.

Note: This variable must be added to the config file and should only be used for debugging purposes and then disabled.
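
As an added example (not part of the Content Gateway documentation or product), the following Python script audits the NTLM variables above against the constraints this page states, including the fail_open default that lets requests proceed when authentication cannot be completed. It assumes the config file holds lines of the form CONFIG <name> <type> <value>; the function names and the sample input are constructed for illustration.

```python
P = "proxy.config.ntlm."
# Defaults as listed in the table above.
DEFAULTS = {P + "auth.enabled": "0", P + "dc.list": "NULL", P + "fail_open": "1",
            P + "cache.ttl_value": "900", P + "cache.size": "5000",
            P + "cache.storage_size": "15728640", P + "check_account_passwd": "0"}
ENTRY_BYTES = 128  # approximate per-entry size used in the page's sizing example

def parse(text):
    """Overlay NTLM values found in the config text on the documented defaults."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.split(None, 3)  # assumed layout: CONFIG <name> <type> <value>
        if len(parts) == 4 and parts[0] == "CONFIG" and parts[1].startswith(P):
            cfg[parts[1]] = parts[3].strip()
    return cfg

def audit(cfg):
    """Return review findings for an effective NTLM configuration."""
    if cfg[P + "auth.enabled"] != "1":
        return ["auth.enabled: NTLM proxy authentication is disabled"]
    out = []
    dcs = [d.strip() for d in cfg[P + "dc.list"].split(",") if d.strip() not in ("", "NULL")]
    if not dcs:
        out.append("dc.list: no domain controller configured")
    for dc in dcs:
        if "%" not in dc and not dc.split()[0].endswith(":445"):
            out.append(f"dc.list: {dc} has no netbios_name and is not on port 445 (needed for Active Directory 2008)")
    if cfg[P + "fail_open"] == "1":
        out.append("fail_open: requests proceed when the domain controller does not respond or client/SMB messages are invalid")
    if not 300 <= int(cfg[P + "cache.ttl_value"]) <= 86400:
        out.append("cache.ttl_value: outside the supported range of 300 to 86400 seconds")
    if int(cfg[P + "cache.storage_size"]) < int(cfg[P + "cache.size"]) * ENTRY_BYTES:
        out.append("cache.storage_size: smaller than cache.size * 128 bytes")
    if cfg[P + "check_account_passwd"] == "1":
        out.append("check_account_passwd: debugging setting left enabled")
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
CONFIG proxy.config.ntlm.auth.enabled INT 1
CONFIG proxy.config.ntlm.dc.list STRING dc1.example.test:445,10.0.0.5 %CORP,dc3.example.test
CONFIG proxy.config.ntlm.cache.ttl_value INT 120
CONFIG proxy.config.ntlm.cache.size INT 200000
CONFIG proxy.config.ntlm.check_account_passwd INT 1
"""

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```

Variables absent from the input fall back to the defaults in the table, so a file that never mentions fail_open is still reported as failing open.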