Forum Discussion
ndaems_145583
Nimbostratus
NimbostratusNTLM Authentication - Windows Integrated 401 Challenge
Dear All,
I'm trying to replace an ISA server by a BIG IP solution
At present the ISA server is doing an authenticatin on all listener (Virtual Server).
Authentication is based on NTLM...
EmBee_57573Nimbostratus
NimbostratusTo validate if it comes from the backend, check the server logging. It should give an unauthenticated user.
For KDC configuration, look at the manual. hint: 1. the F5 account needs delegation rights for the SPN of the backend server. (see manual how to do that) 2. so for your environment, you first have to setup SPN for your sharepoint. 3. within your kerberos SSO configuration, use the SPN patternfield and fill in the SPN; something like HTTP/service.contoso.com@CONTOSO.LOCAL
If you do not use the SPN pattern then the F5 will use reverse DNS lookup of the poolmember IP address to find the SPN (which probably has incorrect PTR settings).