Configuring Symantec Web Gateway to integrate Active Directory with NTLM

Article:HOWTO54114  |  Created: 2011-06-08  |  Updated: 2011-06-08  |  Article URL http://www.symantec.com/docs/HOWTO54114
Article Type
How To



Follow these steps to configure Active Directory integration with NTLM. You may need to change the Web browsers on users' computers.

See Configuring Active Directory integration with NTLM.

See Web browser changes needed for NTLM.

To configure Symantec Web Gateway to integrate Active Directory with NTLM

  1. In the Web GUI, click Administration > Configuration > Authentication.

  2. Under NTLM Configuration, specify the following information about your Active Directory environment:

    Default Realm

    Type the domain name of your realm, such as symantecexample.com. IP addresses are not valid. A partial domain name is valid if DNS Suffix is specified on the Administration > Configuration > Network page.

    Primary/Secondary Domain Controller

    Type the fully qualified domain name of your primary domain controller and secondary domain controller, such as controller.symantecexample.com. IP addresses are not valid. A partial domain name is valid if DNS Suffix is specified on the Administration > Configuration > Network page.

    The secondary domain controller is optional. Specify one if you want a redundant server.

    Use Interface Name for NTLM Authentication

    This option is unchecked by default. Checking it (with proper configuration) is recommended.

    Authentication TTL

    Type the time between authentication requests from Symantec Web Gateway to the domain controller. The default is 15 minutes. A shorter time results in increased load on Symantec Web Gateway.

    User Authentication Re-tries

    Type the number of times that the Web browser allows the user to try to supply the user name and password after failed attempts. If the user fails to correctly log on after this number of attempts, only IP-based policies or default policies apply. If you use an enforce authentication policy, users see an error page. If you use 407 authentication, users see a proxy error page. After the authentication failure, reports display activity based on IP address only and not user names. If you have configured an Enforce Authentication policy for a user and the user fails authentication, Symantec Web Gateway denies Web access.

    See Configuring NTLM user authentication behavior.

    Use LDAP Credentials for Domain Controller

    If you select this option, specify the Domain Controller User Name and the Domain Controller Password in the corresponding boxes. Use the administrator password.

    If you use a proxy network configuration and 407 authentication, Symantec Web Gateway does not save these login credentials. Therefore, an error occurs if you uncheck this box and use different credentials from those that you specify for the Primary and Secondary Domain Controller.

  3. Click Test beside the type of authentication that you want to perform (HTTP 401 or HTTP 407).

    The results of the test appear at the top of the page. If there is an error, correct the settings and test again.

  4. Click Save.
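
The field rules from step 2, written as a pre-flight check to run over the values you plan to enter before you type them into the Web GUI. This is an added example, not Symantec code; the dictionary keys, the sample values, and the treatment of a single-label name as a "partial" name are assumptions.

```python
import ipaddress
import re

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one RFC 1123 DNS label

def is_ip(value):
    """True for IPv4/IPv6 literals, including bracketed IPv6."""
    try:
        ipaddress.ip_address(value.strip("[]"))
        return True
    except ValueError:
        return False

def check_name(field, value, dns_suffix=""):
    """Return the problems found in one realm or domain controller value."""
    name = (value or "").strip().rstrip(".")
    if not name:
        return [f"{field}: value is required"]
    if is_ip(name):
        return [f"{field}: IP addresses are not valid"]
    labels = name.split(".")
    # An all-numeric last label (e.g. "10.0.0") is a truncated IP, not a domain.
    if not all(LABEL.match(l) for l in labels) or labels[-1].isdigit():
        return [f"{field}: not a well-formed DNS name"]
    # Assumption: a single-label name is what the page calls a partial name.
    if len(labels) == 1 and not dns_suffix:
        return [f"{field}: partial name needs DNS Suffix set on the Network page"]
    return []

def validate_ntlm_config(cfg):
    """Check planned form values (hypothetical dict keys) before typing them in."""
    suffix = cfg.get("dns_suffix", "")
    problems = check_name("Default Realm", cfg.get("default_realm"), suffix)
    problems += check_name("Primary Domain Controller", cfg.get("primary_dc"), suffix)
    if cfg.get("secondary_dc"):  # the secondary controller is optional
        problems += check_name("Secondary Domain Controller", cfg["secondary_dc"], suffix)
    if cfg.get("use_ldap_credentials") and not (cfg.get("dc_user") and cfg.get("dc_password")):
        problems.append("Use LDAP Credentials: user name and password are both required")
    return problems

# Constructed sample values, not taken from a real deployment.
SAMPLE = {
    "default_realm": "symantecexample.com",
    "primary_dc": "192.0.2.10",      # rejected: IP address
    "secondary_dc": "controller2",   # rejected: partial name, no DNS suffix
    "use_ldap_credentials": True,
    "dc_user": "svc-swg",            # hypothetical account; password missing
}

if __name__ == "__main__":
    print("\n".join(validate_ntlm_config(SAMPLE)))
```

A clean result only means the values are well formed; the Test button in step 3 is still what confirms that the domain controller accepts them.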


Legacy ID



v28071833_v58977240

