Forum Discussion

Nimbostratus

8 years ago

Authentication NTLM client and server side

Is it possible to configure the APM module for NTLM client-side authentication with HTTP 401 Response and consume on server-side NTLM authentication? We have a demand to configure client and ser...

application delivery

BIG-IP Access Policy Manager (APM)

stan_piron

Cumulonimbus

8 years ago

Hi,

during NTLM authentication, server doesn't receive user password. so if you enable NTLM authentication on client side, F5 doesn't know user password to use it for server side authentication. it is not a F5 APM limitation but a NTLM proxy limitation. Microsoft TMG had the same limitation.

when working with NTLM client side authentication, a password-less authentication must be used on server side. the one used in such deployment is Kerberos Contrained delegation (Kerberos SSO)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Authentication NTLM client and server side

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Query on source IP preservation for syslog traffic through F5 virtual server

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Related Content

SSL Profiles Part 8: Client Authentication

Configuring APM Client Side NTLM Authentication

RADIUS server authenticating user with Google Authenticator

BIG-IQ Client Certificate (PKI) Authentication

Simple HTTP Authentication server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS