GFI Software Aurea SMB Solutions


Home » GFI User Forums » Kerio Control » NTLM Auth. doesn't work. (NTLM auth doen't work - BUG in the Kerio Software)
NTLM Auth. doesn't work. [message #110616] Tue, 11 February 2014 12:41 Go to next message
AMET4 is currently offline  AMET4
Messages: 16
Registered: February 2014
Hi,

we use the Kerio Control 8.2.2 patch 1 build 1684.


NTLM is not working. Everytime the Browser is opened, the User gets a prompt for the Login Credentials.


1. "Map user accounts and groups from a Direcotry Service" is enabled.
2. Web authentication is configured to "Always require users to be auth. when accessing web pages" & "Enable auto. auth. using NTLM"
3. Force SSL secured connection is NOT enabled.
4. The Proxy IP is configured in the Intranet Trusted Zone.
5. In the IE9 "Automatic logon with current username and password" is enabled, as well as "Enable integrated windows auth."
7. By entering the Login-credentials manual its working fine.
8. The Same browser pointing to the Kerio Control with V7 is working correct.
9. The Kerio-Server is on another Network as the Clients are.


Could you please Support us on this, as this looks like a BUG in your Software!

Regards,
AMET4
Re: NTLM Auth. doesn't work. [message #110629 is a reply to message #110616] Wed, 12 February 2014 03:23 Go to previous messageGo to next message
Jonas Rodrigues (Kerio) is currently offline  Jonas Rodrigues (Kerio)
Messages: 238
Registered: January 2013
Location: Sydney
Hello,

Please make sure you follow the KB article steps to get it working:

http://kb.kerio.com/product/kerio-control/microsoft-active-d irectory-apple-open-directory/how-do-i-set-up-ntlm-authentic ation-to-work-with-kerio-control-735.html


All the best,

Jonas


Kerio Technical Support
Log Support Incidents here: http://www.kerio.com/support
Also, please use our KB: http://kb.kerio.com
icon14.gif  Re: NTLM Auth. doesn't work. (solved) [message #110642 is a reply to message #110629] Wed, 12 February 2014 16:01 Go to previous messageGo to next message
AMET4 is currently offline  AMET4
Messages: 16
Registered: February 2014
Dear Jonas Rodrigues,

many Thanks for your Quick Feedback, we're now able to surf the Web by being automatically authenticated via NTLM (btw, this is also working by using the IP instead the Hostname for connecting to the Kerio-Proxy).

Is there a possibility, that after Joining the Kerio Server to the Root-Domain this maybe takes a while until its applied and this was the Reason why NTLM wasn't working? AD Mapping was already enabled but the Kerio Server wasn't a Member-Server. After Joining the Kerio Server to the to Domain yesterday, it wasn't working. Then this Morning we could surf via NTLM without changing anything on the Kerio Configuration. Rolling Eyes

Regards,
AMET4
Re: NTLM Auth. doesn't work. (solved) [message #123683 is a reply to message #110642] Sun, 23 August 2015 17:18 Go to previous messageGo to next message
GMarciales is currently offline  GMarciales
Messages: 8
Registered: April 2015
Location: Pullman / WA / USA

Hi Amet4, are you still in troubles?

I am trying NTLM, in my case it is working perfectly.

https://dl.dropboxusercontent.com/u/83105148/NTLM.png
Re: NTLM Auth. doesn't work. (solved) [message #137639 is a reply to message #123683] Wed, 08 November 2017 18:14 Go to previous messageGo to next message
Kitsu is currently offline  Kitsu
Messages: 12
Registered: October 2017
Location: Cuba
same problem.. Could you please Support us on this???


Best Regards.
Re: NTLM Auth. doesn't work. (solved) [message #144550 is a reply to message #137639] Tue, 04 December 2018 17:20 Go to previous messageGo to next message
Kitsu is currently offline  Kitsu
Messages: 12
Registered: October 2017
Location: Cuba
Hi know this is an old post, but i was working perfectly with NTLM Auth about a year a go and now stop working i'm using kerio control 9.2.5 patch 5, i just made an upgrade from 9.2.4 to 9.2.5 i know when i see my Active Hosts the Authentication Type said "Proxy" and its a kind of transparent for me, 'cause my users are not receiving any user & pass prompt but my script of logon and logout

https://manuals.gfi.com/en/kerio/control/content/microsoft-a ctive-directory-apple-open-directory/how-to-use-a-windows-ac tive-directory-group-policy-object-gpo-to-logon-and-logout-u sers-automatically-from-kerio-control-917.html

Its no working anymore, and this is a big deal for me... i modified the script for logout, 'cause i know that change to https://ip_fw:4081/internal/logout but its not working and i think its 'cause NTLM its not working instead i just see that Proxy Auth Type?

Any idea or help i appreciate..

Thanks!
Re: NTLM Auth. doesn't work. [message #144653 is a reply to message #110616] Tue, 25 December 2018 13:06 Go to previous messageGo to next message
iamlink is currently offline  iamlink
Messages: 2
Registered: December 2018
Location: Russia
Hi there. I'm sorry but i could not find answer so and decide write here.

Here my lab:

1) ADDS/DNS server Windows Server 2019, domain: corp.mydomain.com / netbiosname: mydomain
2) Client PC: Windows 10 1803
3) Kerio Control Virtual Applience 9.2.8 build 3061 (latest version at this time), joined to domain with FQDN gw-kc.corp.mydomain.com, users from ADDS mapped, A record kerio added to DNS Windows server with correct IP.

I test NTLM authentification, in Kerio Control and acordingly sets parameters:

Always require users to be authentificated when accessing web pages
Enable automatic authentification using NTLM

In Web interface (Advanced options)
Force SSL secured connection: True
Use specified hostname: https_protocol_kerio.corp.mydomain.com:4081/

Generated new Kerio Local CA certificate (imported to trusted store to Windows Server and Windows 10), also generated web cert for FQDN kerio.corp.mydomain.com and assigned for web interface of Kerio.

There are two traffic rules:

allow nat for authentificated users for http,https
allow nat for trusted interfaces for http,https (for access to auth page)

Other rules by default.

In content filter set next:

Rule name: allow internet content, rule for all detected content, for domain-users<_at_>corp.mydomain.com
Rule name: deny internet content, rule for all detected content, for all other.

Filter HTTPS traffic enabled.

At user PC in IE11 acordingly KB https_protocol_manuals.gfi.com/en/kerio/control/content/micr osoft-active-directory-apple-open-directory/automatic-user-a uthentication-using-ntlm-735.html

The Kerio Control server name added to the list of trusted servers (in intranet, and enabled integrated windows authentification). For increased security, was typed the server name in this format: https_protocol_kerio.corp.mycompany.com

So, when user try go to Internet he gets modal window with credential prompt and in browser address bar http_protocol_kerio.corp.mycompany.com/login...and so on.

Question: why kerio don't redirect to HTTPS for send NTLM credentionals, despite https_protocol_kerio.corp.mycompany.com added to trusted sites of Intranet and asked for http_protocol_kerio.corp.mycompany.com if ssl enforced enabled?

If i add http_protocol_kerio.corp.mycompany.com to trusted sites of Intranet everything works good, but i want use SSL for send NTLM credentionals...

How to configure so NTLM credentionals sends through HTTPS? Help please.

P.S. Sorry for my bad English Smile
Re: NTLM Auth. doesn't work. (solved) [message #144654 is a reply to message #144550] Tue, 25 December 2018 15:43 Go to previous message
iamlink is currently offline  iamlink
Messages: 2
Registered: December 2018
Location: Russia
Hi there. I'm sorry but i could not find answer so and decide write here.

Here my lab:

1) ADDS/DNS server Windows Server 2019, domain: corp.mydomain.com / netbiosname: mydomain
2) Client PC: Windows 10 1803
3) Kerio Control Virtual Applience 9.2.8 build 3061 (latest version at this time), joined to domain with FQDN gw-kc.corp.mydomain.com, users from ADDS mapped, A record kerio added to DNS Windows server with correct IP.

I test NTLM authentification, in Kerio Control and acordingly sets parameters:

Always require users to be authentificated when accessing web pages
Enable automatic authentification using NTLM

In Web interface (Advanced options)
Force SSL secured connection: True
Use specified hostname: https_protocol_kerio.corp.mydomain.com:4081/

Generated new Kerio Local CA certificate (imported to trusted store to Windows Server and Windows 10), also generated web cert for FQDN kerio.corp.mydomain.com and assigned for web interface of Kerio.

There are two traffic rules:

allow nat for authentificated users for http,https
allow nat for trusted interfaces for http,https (for access to auth page)

Other rules by default.

In content filter set next:

Rule name: allow internet content, rule for all detected content, for domain-users<_at_>corp.mydomain.com
Rule name: deny internet content, rule for all detected content, for all other.

Filter HTTPS traffic enabled.

At user PC in IE11 acordingly KB https_protocol_manuals.gfi.com/en/kerio/control/content/micr osoft-active-directory-apple-open-directory/automatic-user-a uthentication-using-ntlm-735.html

The Kerio Control server name added to the list of trusted servers (in intranet, and enabled integrated windows authentification). For increased security, was typed the server name in this format: https_protocol_kerio.corp.mycompany.com

So, when user try go to Internet he gets modal window with credential prompt and in browser address bar http_protocol_kerio.corp.mycompany.com/login...and so on.

Question: why kerio don't redirect to HTTPS for send NTLM credentionals, despite https_protocol_kerio.corp.mycompany.com added to trusted sites of Intranet and asked for http_protocol_kerio.corp.mycompany.com if ssl enforced enabled?

If i add http_protocol_kerio.corp.mycompany.com to trusted sites of Intranet everything works good, but i want use SSL for send NTLM credentionals...

How to configure so NTLM credentionals sends through HTTPS? Help please.

P.S. Sorry for my bad English Smile
Previous Topic: splitting traffic through an interface
Next Topic: Can't join domain Windows Server 2016
Goto Forum:
  


Current Time: Wed Nov 20 05:12:36 CET 2019

Total time taken to generate the page: 0.04470 seconds