Forum Discussion

Nimbostratus

Feb 26, 2014

NTLM Authentication - Windows Integrated 401 Challenge

Dear All, I'm trying to replace an ISA server by a BIG IP solution At present the ISA server is doing an authenticatin on all listener (Virtual Server). Authentication is based on NTLM...

BIG-IP Access Policy Manager (APM)

Nimbostratus

Feb 26, 2014

One important thing to keep in mind here. Internet initiated == No Kerberos negotiated. This will work but only if you have access to the Kerberos Distribution Center. Chances are you aren't opening up TCP 88 to the internet..

So with things like TMG/ISA server you could send NTLM credentials and it would "hop" the authentication on the back-end using Kerberos delegation. This is made possible by authentication proxies in the case of Exchange (rpcproxy.dll).

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

NTLM Authentication - Windows Integrated 401 Challenge

Recent Discussions

dynamic signature detection

F5 looses the token for the first call

ports are showing open on online scanning tool

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

Related Content

Yubikey Authentication Modes and Azure AD integration via the APM

Citrix Federated Authentication Service Integration with APM

Google reCAPTCHA v2 challenge iRule, integration with BIG-IP virtual server

Access Troubleshooting: BIG-IP APM OIDC integration

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS