Support for Legacy NTLM has these restrictions:
- WINS resolution is not supported. Domain controllers must have hostnames that can be resolved by a DNS server.
- Extended security is not supported and cannot be enabled on the domain controller.
- NTLM2 session security is not supported and cannot be enabled on clients. In the Security Settings area of the Windows operating system, inspect the Network Security: Minimum session security settings.
- NTLMv2 is not supported with Active Directory 2008.
- Not all browsers support transparent NTLM authentication. See Browser limitations.
For a complete description of support for Legacy NTLM, see Legacy NTLM authentication.
To add an NTLM domain for use in rule-based authentication:
Steps
- Go to and click New Domain.
- Select Legacy NTLM from the Authentication Method drop-down box.
- In the Domain Identifier field, enter a unique name that will help you recognize the domain and its purpose. After the domain is added, the name cannot be changed.
- Optionally, configure the Aliasing option. For information see: Unknown users and the ‘alias’ option.
- In the Legacy NTLM Domain Details section:
  - In the Domain Controller entry field enter the IP address and port number of the primary domain controller. If no port is specified, Content Gateway uses port 139.
    You can also specify secondary domain controllers in a comma-separated list. The supported formats are:
    host_name[:port][%netbios_name]
    IP_address[:port][%netbios_name]
    The netbios_name is required with Active Directory 2008.
  - Specify whether load balancing should be applied among multiple DCs.
    Note: Even if load balancing is not selected, if multiple domain controllers are specified and the load on the primary domain controller reaches the maximum number of connections allowed, new requests are sent to a secondary domain controller as a short-term failover provision, until such time that the primary domain controller can accept new connections.
- Click Add Domain.
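An added example, not Content Gateway code: a pre-check for a Domain Controller field value that follows the two formats and the port 139 default given in the steps above. The function names, the `require_netbios` switch, the IPv4-only and host-name checks, and tolerating spaces around commas are assumptions of this example; the sample values are constructed.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

DEFAULT_PORT = 139  # per the page: used when no port is specified

# host_name[:port][%netbios_name] or IP_address[:port][%netbios_name]
ENTRY_RE = re.compile(
    r"^(?P<host>[^:%\s]+)(?::(?P<port>\d+))?(?:%(?P<netbios>[^:%\s]+))?$")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label


class DomainController(NamedTuple):
    host: str
    port: int
    netbios_name: Optional[str]


def parse_entry(entry: str, require_netbios: bool = False) -> DomainController:
    """Validate one list entry; raise ValueError with the offending text."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        raise ValueError(f"not host[:port][%netbios_name]: {entry!r}")
    host, port, netbios = m.group("host"), m.group("port"), m.group("netbios")
    if re.fullmatch(r"[\d.]+", host):
        ipaddress.IPv4Address(host)  # raises ValueError if malformed
    elif not all(LABEL_RE.match(label) for label in host.split(".")):
        raise ValueError(f"invalid host name: {host!r}")
    port_number = int(port) if port else DEFAULT_PORT
    if not 1 <= port_number <= 65535:
        raise ValueError(f"port out of range: {entry!r}")
    if require_netbios and netbios is None:
        # The page requires netbios_name with Active Directory 2008.
        raise ValueError(f"netbios_name missing: {entry!r}")
    return DomainController(host, port_number, netbios)


def parse_dc_list(value: str, require_netbios: bool = False) -> List[DomainController]:
    """Parse the comma-separated field; the first entry is the primary DC."""
    entries = value.split(",")
    if any(not e.strip() for e in entries):
        raise ValueError("empty entry in domain controller list")
    return [parse_entry(e, require_netbios) for e in entries]


if __name__ == "__main__":
    # Constructed sample value, not taken from any real deployment.
    for dc in parse_dc_list("10.0.0.5%DC1, dc2.example.com:1139%DC2", True):
        print(dc)
```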