Manualshelf

Specifications

ManualsBrandsBarracuda Networks ManualsComputer Hardware4
51525354555657585960
Administrator’s Guide
Integrating with a user authentication service 59
Enabling NTLM domain user authentication
If your network uses an NT LAN Manager (NTLM) authentication server, your NTLM domain users
transparently become authenticated in the Barracuda Web Filter using their Microsoft Windows
credentials. This single sign-on (SSO) method of access control is provided by transparent proxy
authentication against the your NTLM server.
To enable transparent proxy authentication against your NTLM server, you must join the Barracuda
Web Filter to the NTLM domain as an authorized host. The process of joining the domain also
synchronizes NTLM group information from your domain controller to the Barracuda Web Filter.
About NTLM authentication in Windows 2000 or 2003 AD domains
Windows Server 2000 with Active Directory runs the NTLM authentication protocol by default.
With Windows Server 2003, NTLM authentication is available only in a mixed mode Active
Directory domain. In a native mode Active Directory domain, Windows Server 2003 runs the
Kerberos authentication protocol.
Reasons for using an NTLM authentication server
Typical reasons for using an NTLM authentication server are listed below:
If you are replacing an existing forward proxy server that uses NTLM authentication.
If your network cannot rely on all users presenting a unique IP address.
For detailed descriptions of these scenarios, see the online help for the
Authentication Services page.
Requirements for using an NTLM authentication server
Before you integrate with an NTLM authentication server, verify the following requirements:
The Barracuda Web Filter must be deployed as a forward proxy.
No other authentication services may be configured.
No Barracuda DC Agents may be in use on any of your domain controllers.
You must enable the Forced Proxy Authentication option in the
USERS/GROUPS >
Configuration
page.
Web browsers must use the Barracuda Web Filter as the HTTP proxy.
For detailed descriptions of these requirements, see the online help for the
Authentication Services
page.
Limitations when using an NTLM authentication server
The following limitations apply when using an NTLM authentication server with the Barracuda Web
Filter:
No login override of blocked pages for NTLM domain users who encounter a block message.
No logout option for NTLM domain users who proceed to a blocked Web page.
NTLM domain users not listed in the
Account View page.
NTLM realm is not listed for users listed in the syslog output.
For detailed descriptions of these restrictions, see the online help for the
Authentication Services
page.