Forum Discussion
ndaems_145583
Nimbostratus
NimbostratusNTLM Authentication - Windows Integrated 401 Challenge
Dear All,
I'm trying to replace an ISA server by a BIG IP solution
At present the ISA server is doing an authenticatin on all listener (Virtual Server).
Authentication is based on NTLM...
Rabbit23_116296Nimbostratus
NimbostratusOne important thing to keep in mind here. Internet initiated == No Kerberos negotiated. This will work but only if you have access to the Kerberos Distribution Center. Chances are you aren't opening up TCP 88 to the internet..
So with things like TMG/ISA server, I presume this is only for external client so you could send NTLM credentials and it would "hop" the authentication on the back-end using Kerberos delegation. This is made possible by authentication proxies in the case of Exchange (rpcproxy.dll).
