23.3 Automatic user authentication using NTLM

<variable name="Name">LAN</variable>

...

</listitem>

9. Save the winroute.cfg file and run WinRoute Firewall Engine.

The WinRoute configuration is now identical to the original WinRoute configuration on the prior operating system.

Note: The method described above includes a complete “clone” of WinRoute on a new host. Some of the steps are optional — for example, if you do not wish to keep the current statistics, do not copy the star subdirectory.

23.3 Automatic user authentication using NTLM

WinRoute supports automatic user authentication by the NTLM method (authentication from Web browsers). Users who have already authenticated to the domain are not asked for a username and password.

This chapter describes in detail the conditions and configuration settings required for NTLM to function correctly.

General conditions

The following conditions apply to this authentication method:

1. WinRoute Firewall Engine is running as a service, or it is running under a user account with administrator rights to the WinRoute host.

2. The server (i.e. the WinRoute host) belongs to a corresponding Windows NT or Kerberos 5 (Windows 2000/2003) domain.

3. The client host belongs to the domain.

4. The user at the client host is required to authenticate to this domain (i.e. local user accounts cannot be used for this purpose).

5. The NT domain / Kerberos 5 authentication method (see chapter 13.1) must be set for the corresponding user account under WinRoute. NTLM cannot be used for authentication in the internal database.
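When automatic authentication fails, conditions 1, 3 and 4 can be checked from a PowerShell prompt. The script below is an added example, not part of the WinRoute manual; the function name is hypothetical, and the -ServiceName value must be the name the WinRoute Firewall Engine service has on your installation, which this chapter does not state.

```powershell
# Added example (not from the manual): reports whether this host and the
# logged-on user meet the domain conditions listed above.
# Run it in the user's interactive session; built-in identities such as
# NT AUTHORITY\SYSTEM are not ordinary accounts and are not meaningful here.
function Test-NtlmPrerequisites {
    param(
        # Placeholder: supply the service name only when running on the WinRoute host.
        [string]$ServiceName
    )

    $cs       = Get-CimInstance -ClassName Win32_ComputerSystem
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Identity names have the form DOMAIN\user. For a local account the
    # "domain" part is the computer name itself.
    $accountDomain  = ($identity.Name -split '\\', 2)[0]
    $isLocalAccount = $accountDomain -ieq $env:COMPUTERNAME

    $result = [ordered]@{
        HostIsDomainMember  = [bool]$cs.PartOfDomain                      # conditions 2 and 3
        HostDomain          = $cs.Domain
        LoggedOnAccount     = $identity.Name
        UserIsDomainAccount = $cs.PartOfDomain -and -not $isLocalAccount  # condition 4
    }

    if ($ServiceName) {
        # Condition 1: the engine runs as a service; report its state and account.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
        $result.ServiceFound   = $null -ne $svc
        $result.ServiceState   = $svc.State
        $result.ServiceAccount = $svc.StartName
    }

    [pscustomobject]$result
}

Test-NtlmPrerequisites | Format-List
```

If UserIsDomainAccount is False on a client, the user is logged on with a local account and the browser cannot authenticate automatically. Condition 5 is a setting of the user account in WinRoute and has to be checked there.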
