Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Specific settings and troubleshooting General conditions The following conditions are applied to this authentication method: 1. Kerio Control Engine is running as a service or it is running under a user account with administrator rights to the Kerio Control host. 2. The server (i.e. the Kerio Control host) belongs to a corresponding Windows NT or Active Directory (Windows 2000/2003/2008) domain. 3. Client host belongs to the domain. 4. User at the client host is required to authenticate to this domain (i.e. local user accounts cannot be used for this purpose). 5. The NT domain or the Active Directory authentication method (see chapter 16.1) must be set for the corresponding user account under Kerio Control. NTLM cannot be used for users authenticated only internally inside Kerio Control. Kerio Control configuration NTLM authentication of users from web browsers must be enabled in Users → Authentication Options. User authentication should be required when attempting to access web pages, otherwise enabling NTLM authentication is meaningless. Figure 25.1 NTLM — user authentication options 366
25.3 Automatic user authentication using NTLM The configuration of the Kerio Control’s web interface must include a valid DNS name of the server on which Kerio Control is running (for details, see chapter 12.1). Figure 25.2 Kerio Control’s Web interface configuration Note: In the Software Appliance / VMware Virtual Appliance edition, the server name is set on the System Configuration tab (see chapter 17.1). Web browsers For proper functioning of NTLM, a browser must be used that supports this method. By now, the following browsers are suitable: • Internet Explorer • Firefox or SeaMonkey NTLM authentication process NTLM authentication process differs depending on a browser used. Internet Explorer NTLM authentication is performed without user’s interaction. 367
- Page 315 and 316: 23.3 Interconnection of two private
- Page 317 and 318: 23.3 Interconnection of two private
- Page 319 and 320: 23.3 Interconnection of two private
- Page 321 and 322: 23.4 Exchange of routing informatio
- Page 323 and 324: 23.5 Example of Kerio VPN configura
- Page 325 and 326: 23.5 Example of Kerio VPN configura
- Page 327 and 328: 23.5 Example of Kerio VPN configura
- Page 329 and 330: 23.5 Example of Kerio VPN configura
- Page 331 and 332: 23.5 Example of Kerio VPN configura
- Page 333 and 334: 23.5 Example of Kerio VPN configura
- Page 335 and 336: 23.6 Example of a more complex Keri
- Page 337 and 338: 23.6 Example of a more complex Keri
- Page 339 and 340: 23.6 Example of a more complex Keri
- Page 341 and 342: 23.6 Example of a more complex Keri
- Page 343 and 344: 23.6 Example of a more complex Keri
- Page 345 and 346: 23.6 Example of a more complex Keri
- Page 347 and 348: 23.6 Example of a more complex Keri
- Page 349 and 350: 23.6 Example of a more complex Keri
- Page 351 and 352: 23.6 Example of a more complex Keri
- Page 353 and 354: 23.6 Example of a more complex Keri
- Page 355 and 356: 23.6 Example of a more complex Keri
- Page 357 and 358: 23.6 Example of a more complex Keri
- Page 359 and 360: 23.6 Example of a more complex Keri
- Page 361 and 362: 24.1 Kerio Control SSL-VPN configur
- Page 363 and 364: Chapter 25 Specific settings and tr
- Page 365: 25.3 Automatic user authentication
- Page 369 and 370: 25.4 FTP over Kerio Control proxy s
- Page 371 and 372: 25.5 Internet links dialed on deman
- Page 373 and 374: 25.5 Internet links dialed on deman
- Page 375 and 376: 25.5 Internet links dialed on deman
- Page 377 and 378: The text file will be stored in the
- Page 379 and 380: Appendix B Used open source items K
- Page 381 and 382: Copyright © 2005 Harald Welte Dist
- Page 383 and 384: Glossary of terms ActiveX This Micr
- Page 385 and 386: Ident The Ident protocol is used fo
- Page 387 and 388: Policy routing Advanced routing tec
- Page 389 and 390: TCP Transmission Control Protocol i
- Page 391 and 392: dial-up 64 dialing scripts 21, 58 h
- Page 393 and 394: S service 89, 207 SIP 210 SSL-VPN 3
Specific settings and troubleshooting<br />
General conditions<br />
The following conditions are applied to this authentication method:<br />
1. <strong>Kerio</strong> Control Engine is running as a service or it is running under a user account with<br />
administrator rights to the <strong>Kerio</strong> Control host.<br />
2. The server (i.e. the <strong>Kerio</strong> Control host) belongs to a corresponding Windows NT or Active<br />
Directory (Windows 2000/2003/2008) domain.<br />
3. Client host belongs to the domain.<br />
4. User at the client host is required to authenticate to this domain (i.e. local user accounts<br />
cannot be used for this purpose).<br />
5. The NT domain or the Active Directory authentication method (see chapter 16.1) must<br />
be set for the corresponding user account under <strong>Kerio</strong> Control. NTLM cannot be used for<br />
users authenticated only internally inside <strong>Kerio</strong> Control.<br />
<strong>Kerio</strong> Control configuration<br />
NTLM authentication of users from web browsers must be enabled in Users → Authentication<br />
Options. User authentication should be required when attempting to access web pages,<br />
otherwise enabling NTLM authentication is meaningless.<br />
Figure 25.1<br />
NTLM — user authentication options<br />
366