Today I am playing with eSafe 8 operating in eSafe Proxy with NTLM authentication mode. Configuring eSafe Proxy with NTLM authentication is very straightforward and not difficult. The authentication settings are configuring using the eSafe Appliance Manager web interface, like shown below.
I did some testing with multiple browsers and single sign-on with NTLM authentication is working perfectly. The system administrator was also testing, but he was complaining that he couldn’t authenticate. A pop-up box is received and when you enter the appropriate credentials, they aren’t accepted by eSafe. I found out that the customer is using Windows 7 and I was testing with Windows XP and Windows Server 2003.
Windows Vista, Windows 7 and Windows Server 2008 R2 and higher use NTLM v2.0-only by default. eSafe Proxy uses NTLM v1.0. The default setting within Windows can be changed to operate in a mode which is backwards compatible with eSafe Proxy. Take the following steps to change the NTLM settings:
- 1. Open the Group Policy Editor with gpedit.msc;
- 2. Go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options;
- 3. Go to the setting: Network security: LAN Manager authentication level
- 4. Change this setting to: Send LM & NTLM – use NTLMv2 session security if negotiated
- 5. Apply the policy with gpupdate /force
The picture shows the policy setting within Windows. This should solve the problem with single sign-on on Windows Vista, Windows 7 and Windows Server 2008 R2 and higher.