Configuring NTLM authentication
December 13, 2023
It is recommended to use Kerberos authentication because it is the most robust mechanism. NTLM authentication allows hackers to access user passwords by intercepting network traffic.
After the Microsoft update is released (see ADV190023 LDAP Channel Binding and LDAP Signing for details), NTLM user authentication in Kaspersky Web Traffic Security will no longer work.
To configure NTLM authentication on the proxy server:
- In the application web interface, select the Settings → Built-in proxy server → Authentication section.
- In the NTLM field, click the Set up link.
The NTLM authentication settings window opens.
- Set the toggle switch to Enabled.
- In the Domain name field, enter the name of the domain for which you want to configure authentication.
SRV records are used to search for a domain controller.
- If you want to test the connection with the domain controller based on the defined settings, click the Test connection button.
The test result is displayed on the right of the button.
- Click Save.
The proxy server will be restarted. Traffic processing will be paused before the restart completes.
NTLM authentication will be configured. The proxy server will process requests only from those users who complete the authentication procedure.