Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 25NTLM authentication settingsNTLM (NT LAN Manager) is an authentication type used on Windows for authentication againstan Active Directory (or NT) domain.First, the following conditions must be met:• NTLM authentication can be used only in case users are authenticated against an ActiveDirectory domain. It is applicable only to the user accounts that were imported from ActiveDirectory (see chapters 7.6 and 13.10).• In order for the NTLM authentication to be functional, both computers as well as useraccounts have to belong to the domains used for authentication.• To make NTLM relevant it is necessary that users use clients with support for NTLM (SPA)authentication (e.g. MS Outlook).Warning: NTLM authentication is not available if MS Outlook extended by the Kerio SynchronizationPlug-in is used.NTLM authentication in Kerio MailServer must be set correctly, as follows:1. In the administration console, go to Domains (Configuration → Domains). Open the dialogwith domain settings details and switch to the Advanced tab (see figure 25.1). Use theWindows NT Domain entry to specify NT domain name (the name usually matches theActive Directory domain name without the first level domain — NET, COM, etc.).2. In the administration console, go to Configuration → Advanced Options and enable theAllow NTLM authentication for users with Kerberos authentication (for Active Directoryusers) option on the Security Policy tab. Enable this option to allow Active Directory domainusers to authenticate at Kerio MailServer upon their logon.284
Figure 25.1Setting Windows NT domain nameFigure 25.2Enabling the Allow NTLM authentication for users with Kerberos authentication option3. In the administration console, open the Domain Settings → User Accounts section and setthe Windows NT Domain option for user authentication. These parameters can be set onthe General tab (see figure 25.3).285
- Page 233 and 234: 20.7 How to use Mailing ListsExampl
- Page 235 and 236: Chapter 21Status InformationKerio M
- Page 237 and 238: 21.2 Message queue processingFrom,
- Page 239 and 240: 21.3 Active ConnectionsActive Conne
- Page 241 and 242: 21.4 Opened FoldersComponentsThree
- Page 243 and 244: 21.5 Traffic ChartsTime rangeIn the
- Page 245 and 246: 21.6 StatisticsRefreshThis button r
- Page 247 and 248: 22.1 Log settingsFigure 22.2Save lo
- Page 249 and 250: 22.1 Log settingsLog debugSelect th
- Page 251 and 252: 22.3 MailAuth_type=’0’, Passwor
- Page 253 and 254: 22.4 SecurityMailing list messagesT
- Page 255 and 256: 22.4 SecurityAntibombingServer over
- Page 257 and 258: 22.8 Debug• From: jsmith@company.
- Page 259 and 260: 22.8 Debug• IMAP Server — commu
- Page 261 and 262: 22.9 Performance Monitor (under Win
- Page 263 and 264: 23.1 Viewing public folders in indi
- Page 265 and 266: 24.1 Kerio MailServer on WindowsFig
- Page 267 and 268: 24.1 Kerio MailServer on WindowsFig
- Page 269 and 270: 24.2 Kerio MailServer on LinuxExamp
- Page 271 and 272: 24.2 Kerio MailServer on Linuxdebug
- Page 273 and 274: 24.3 Kerio MailServer on Mac OSTo e
- Page 275 and 276: 24.3 Kerio MailServer on Mac OSFigu
- Page 277 and 278: 24.3 Kerio MailServer on Mac OSFigu
- Page 279 and 280: 24.3 Kerio MailServer on Mac OSFigu
- Page 281 and 282: 24.4 Starting Open Directory and Ke
- Page 283: 24.4 Starting Open Directory and Ke
- Page 287 and 288: 25.1 Setting NTLM in MS Outlook ext
- Page 289 and 290: Chapter 26Kerio MailServer Environm
- Page 291 and 292: 26.3 FirewallFrom technical reasons
- Page 293 and 294: Chapter 27Deployment ExamplesThis c
- Page 295 and 296: 27.2 Dial-up Line + Domain Mailboxi
- Page 297 and 298: 27.4 A company with multiple sites5
- Page 299 and 300: 27.4 A company with multiple sitesF
- Page 301 and 302: 27.5 Setting up the backup mail ser
- Page 303 and 304: Chapter 28Troubleshooting in Kerio
- Page 305 and 306: 28.2 Configuration Backup and Trans
- Page 307 and 308: 29.1 Installation of Active Directo
- Page 309 and 310: 29.3 User Account DefinitionFigure
- Page 311 and 312: Chapter 30Kerio Open Directory Exte
- Page 313 and 314: Chapter 31KMS Web AdministrationKMS
- Page 315 and 316: 31.2 Setting access rights to the w
- Page 317 and 318: 31.5 Page headerFigure 31.4Web Admi
- Page 319 and 320: 31.6 Welcome pageLocalizations of K
- Page 321 and 322: 31.7 User accountsFigure 31.8Templa
- Page 323 and 324: 31.7 User accountsFigure 31.10User
- Page 325 and 326: 31.7 User accountsFigure 31.12User
- Page 327 and 328: 31.8 User groupsMove user’s messa
- Page 329 and 330: 31.8 User groupsFigure 31.16Group a
- Page 331 and 332: 31.9 AliasesPublish this group info
- Page 333 and 334: 31.9 AliasesFigure 31.20Alias creat
Chapter 25NTLM authentication settingsNTLM (NT LAN Manager) is an authentication type used on Windows for authentication againstan Active Directory (or NT) domain.First, the following conditions must be met:• NTLM authentication can be used only in case users are authenticated against an ActiveDirectory domain. It is applicable only to the user accounts that were imported from ActiveDirectory (see chapters 7.6 and 13.10).• In order for the NTLM authentication to be functional, both computers as well as useraccounts have to belong to the domains used for authentication.• To make NTLM relevant it is necessary that users use clients with support for NTLM (SPA)authentication (e.g. MS Outlook).Warning: NTLM authentication is not available if MS Outlook extended by the <strong>Kerio</strong> SynchronizationPlug-in is used.NTLM authentication in <strong>Kerio</strong> MailServer must be set correctly, as follows:1. In the administration console, go to Domains (Configuration → Domains). Open the dialogwith domain settings details and switch to the Advanced tab (see figure 25.1). Use theWindows NT Domain entry to specify NT domain name (the name usually matches theActive Directory domain name without the first level domain — NET, COM, etc.).2. In the administration console, go to Configuration → Advanced Options and enable theAllow NTLM authentication for users with Kerberos authentication (for Active Directoryusers) option on the Security Policy tab. Enable this option to allow Active Directory domainusers to authenticate at <strong>Kerio</strong> MailServer upon their logon.284