Open with table of contents

Client Integrated and Basic Authentication using Domain Controller

Client Integrated (NTLM) and Basic Authentication using Domain Controller authenticates users by means of Windows account names when some users are using Internet Explorer and others are not. Internet Explorer users are automatically authenticated against the Windows Domain Controller using their Windows login credentials. Non-Internet Explorer users are prompted to enter their Windows login credentials, which are authenticated against the Domain Controller.

You can choose between two modes for NTLM authentication:

To configure Client Integrated and Basic Authentication using Domain Controller:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Move the mouse pointer over the User Authentication is Disabled/Enabled section, and click Click here to change these settings.
  4. Select Client Integrated and Basic Authentication using Domain Controller, and click Save.
  5. Move the mouse pointer over the Basic Realm Identifier section, and click Click here to change these settings.
  6. Type the name of the Basic Realm identifier to be used, and click Save. The realm appears in the authentication dialog that appears in the client's browser, enabling the user to determine why they are being asked to authenticate. It is cached by the browser, along with the user name and password for the duration of the session. The default Basic Realm identifier is 'CLEARSWIFT SECURE Web Gateway'.
  7. Move the mouse pointer over the NTLM Domain Controller section, and click Click here to change these settings.
  8. Select the Use domain controller radio button.
  9. Enter the fully qualified Domain Name, administrator User Name, and administrator Password of the domain controller whose domain you want the Gateway to join, and click Save.
  10. Click Join domain in the task bar and enter the administrator User Name, and administrator Password of the domain controller whose domain you want the Gateway to join, and click Join.
  11. Move the mouse pointer over the Apache Access Log section, and click Click here to change these settings. To enable or disable the generation of Apache Access logs, select or deselect the Enable Apache access logging check box.

To configure Client Integrated and Basic Authentication using Multiple Domain Controllers:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Move the mouse pointer over the User Authentication is Disabled/Enabled section, and click Click here to change these settings.
  4. Select Client Integrated and Basic Authentication using Domain Controller, and click Save.
  5. Move the mouse pointer over the Basic Realm Identifier section, and click Click here to change these settings.
  6. Type the name of the Basic Realm identifier to be used, and click Save. The realm appears in the authentication dialog that appears in the client's browser, enabling the user to determine why they are being asked to authenticate. It is cached by the browser, along with the user name and password for the duration of the session. The default Basic Realm identifier is 'CLEARSWIFT SECURE Web Gateway'.
  7. Move the mouse pointer over the NTLM Domain Controller section, and click Click here to change these settings.
  8. Select the Automatically detect domain controllers radio button.
  9. Enter the fully qualified Full domain name of the realm that you want the Gateway to join. Enter a Domain name.
  10. Click Join domain in the task bar and enter the administrator User Name, and administrator Password of the domain controller whose domain you want the Gateway to join, and click Join. A list of the domain controller IP addresses that were found will be displayed.
  11. Move the mouse pointer over the Apache Access Log section, and click Click here to change these settings. To enable or disable the generation of Apache Access logs, select or deselect the Enable Apache access logging check box.

After you have applied your configuration, you can verify that users are being correctly authenticated.

To test authentication:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Click Test Authentication. The Test Authentication dialog appears.
  4. Enter a valid user name and password combination, and click Run Test.

© 1995–2018 Clearswift Ltd.