Configuring Symantec Web Gateway to integrate Active Directory with NTLM
Follow these steps to configure Active Directory integration with NTLM. You may need to change the Web browsers on users' computers.
See Configuring Active Directory integration with NTLM.
See Web browser changes needed for NTLM.
To configure Symantec Web Gateway to integrate Active Directory integration with NTLM
In the Web GUI, click .
Under NTLM Configuration, specify the following information about your Active Directory environment:
Type the domain name of your realm, such as symantecexample.com. IP addresses are not valid. A partial domain name is valid if is specified on the page.
Type the fully qualified domain name of your primary domain controller and secondary domain controller, such as controller.symantecexample.com. IP addresses are not valid. A partial domain name is valid if is specified on the page.
A secondary domain controller is optional if you want a redundant server.
The default is unchecked but checked (with proper configuration) is recommended.
Type the time between authentication requests from Symantec Web Gateway to the domain controller. The default is 15 minutes. A shorter time results in increased load on Symantec Web Gateway.
Type the number of times that the Web browser allows the user to try to supply the user name and password after failed attempts. If the user fails to correctly log on after this number of attempts, only IP-based policies or default policies apply. If you use an enforce authentication policy, users see an error page. If you use 407 authentication, users see a proxy error page. After the authentication failure, reports display activity based on IP address only and not user names. If you have configured an policy for a user and the user fails authentication, Symantec Web Gateway denies Web access.
See Configuring NTLM user authentication behavior.
If you select this option, specify the Domain Controller User Name and the Domain Controller Password in the corresponding boxes. Use the administrator password.
If you use a proxy network configuration and 407 authentication, Symantec Web Gateway does not save these login credentials. Therefore, an error occurs if you uncheck this box and use different credentials from those that you specify for the Primary and Secondary Domain Controller.
Click beside the type of authentication that you want to perform (HTTP 401 or HTTP 407).
The results of the test appear at the top of the page. If there is an error, correct the settings and test again.