eSafe Proxy with NTLM v2.0
March 8th, 2010
Today I am playing with eSafe 8 operating in eSafe Proxy with NTLM authentication mode. Configuring eSafe Proxy with NTLM authentication is very straightforward and not difficult. The authentication settings are configuring using the eSafe Appliance Manager web interface, like shown below.
I did some testing with multiple browsers and single sign-on with NTLM authentication is working perfectly. The system administrator was also testing, but he was complaining that he couldn’t authenticate. A pop-up box is received and when you enter the appropriate credentials, they aren’t accepted by eSafe. I found out that the customer is using Windows 7 and I was testing with Windows XP and Windows Server 2003.
Windows Vista, Windows 7 and Windows Server 2008 R2 and higher use NTLM v2.0-only by default. eSafe Proxy uses NTLM v1.0. The default setting within Windows can be changed to operate in a mode which is backwards compatible with eSafe Proxy. Take the following steps to change the NTLM settings:
- 1. Open the Group Policy Editor with gpedit.msc;
- 2. Go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options;
- 3. Go to the setting: Network security: LAN Manager authentication level
- 4. Change this setting to: Send LM & NTLM – use NTLMv2 session security if negotiated
- 5. Apply the policy with gpupdate /force
The picture shows the policy setting within Windows. This should solve the problem with single sign-on on Windows Vista, Windows 7 and Windows Server 2008 R2 and higher.
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, HP Networking, Juniper Networks, RSA, PaloAlto Networks, Microsoft and many more. René is CCNA (Routing & Switching, Security), CCNP , Cisco ASA Specialist and CEFFS certified.
You can follow René on Twitter and LinkedIn.
Related Articles
One Response to “eSafe Proxy with NTLM v2.0”
Leave a Reply
Share this Blog
June 15th, 2010 at 3:59 pm
Effectively I arrived here on an additional article but ended up staying for 20 minutes reading your stuff! Enjoyed it :-D