Forum Discussion
We'll reach out to support on any hangups. I'm mainly just trying to understand how this works. It's not everyday you try to configure NTLM authentication through the BIG-IP, you know.
We're working through this: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-authentication-methods/ntlm-authentication-for-microsoft-exchange-clients.html
Which explains a good part of it I believe.
To do NTLM authentication on the BIG-IP you need to have it domain joined. That is just a requirement, similar for other products that want to allow NTLM authentication from clients, like a web proxy, see:
https://help.endian.com/hc/it/articles/218144628-Web-Proxy-Authentication-NTLM-
Now we can join the domain by providing a Domain Administrative user name and password (one with permissions to perform domain joins).
BTW: I said earlier you require the machine account for the Kerberos authentication, that is my bad, but NOT the case. You need the machine account to do the NTLM authentication.