Forum Discussion
Dave_Hart_85_14
Nimbostratus
NimbostratusHow do I use NTLM client side SSO for two active directory domains?
I have setup NTLM client side SSO to gather user credentials by following the Article "Leveraging BIG-IP APM for seamless client NTLM Authentication".
I now need to have this setup work for two ...
Michael_Koyfman
Cirrocumulus
CirrocumulusYes, it's possible to accommodate. You would need to repeat the instructions in the article to have APM join second domain and create an account there. Basically, create NTLM MAchine Account and NTLM Auth objects for the second domain. Then the tricky part comes in modifying the irule. The NTLM AUth object used is currently hardcoded here:
set static::appname_ntlm_config "/Common/appname_ntlm_config"
Then the variable is being used in this command:
ECA::select select_ntlm:$static::appname_ntlm_config
You probably want to replace the ECA::select command with an if statement that will set the name of the NTLM auth profile based on the source IP of the connection.
Dave_Hart_85_14Nimbostratus
NimbostratusThanks Michael I will give that a try.
Using the IP address to determine what domain the PC belongs to will work for desktops but not roaming devices. Is there a way to present a login prompt if the device is connecting from a IP address that isn't defined in the irule?
