Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ntlm]

NTLM (NT LAN Manager) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

179 questions
3
votes
1 answer

Avoiding 401 response for each request using NTLM

We have here an ASP.NET 3.5 application using NTLM based Windows authentication. The system runs on a private network that is actually distributed over different geographic places (connected via VPN). We are now trying to optimize the website's…
Satumba
  • 143
  • 1
  • 5
3
votes
5 answers

Implications of allowing Windows clients to use NTLMv1?

I have a web application that I'd like to authenticate to using pass-through NTLM for SSO. There is a problem, however, in that NTLMv2 apparently will not work in this scenario (without the application storing an identical password hash). I enabled…
Boden
  • 4,948
  • 12
  • 48
  • 70
3
votes
2 answers

HaProxy and Windows Auth

Can I get HaProxy to forward windows auth credentials onto IIS? I have searched for a day and cannot find much information out there.
redsquare
  • 237
  • 5
  • 13
3
votes
1 answer

All client browsers repeatedly asking for NTLM authentication when running through local proxy server

All client browsers repeatedly asking for NTLM authentication when running through local proxy server. When pointing browsers through the local proxy to the internet, some but not all clients are being repeatedley prompted to authenticate to the…
Marko
  • 87
  • 6
3
votes
1 answer

Why deploy Kerberos for Exchange 2010 SP1 RU3?

The first version of Exchange 2010 to support Kerberos is SP1 RU3. It does this through the RollAlternateServiceAccountCredential.ps1 commandlet. Besides implementing "better" security, does this offer any other benefits for disaster recovery,…
makerofthings7
  • 8,821
  • 28
  • 115
  • 196
3
votes
1 answer

Apache configuration to make NTLM authentication work through a Proxy

I'm running an application server behind an Apache proxy with the following sort of thing in my Apache config: ProxyPass /app http://myapplication:8080/myapp ProxyPassReverse /app http://myapplication:8080/myapp When I switch on NTLM…
Nick Pierpoint
  • 639
  • 1
  • 8
  • 14
3
votes
3 answers

Risks involved in setting up Kerberos authentication for WSS Reporting Services

We have an established Intranet based on WSS with two front ends and a database. Currently all authentication is NTLM. We have installed Reporting Services In Integration Mode. RS works as long as the web front end that has RS installed on it…
Mesh
  • 213
  • 3
  • 10
3
votes
1 answer

Windows service running as network service - how does it authenticate? Breaking change in W2K8?

A Windows service running as "Network Service" talks to services on other machines (here: SQL Server and Analysis Services), using Windows authentication. For authentication, we have to grant permissions to the machine account of the service. E.g.…
Max
  • 365
  • 2
  • 5
  • 17
3
votes
2 answers

Can I set up Samba shares that are authenticated against a domain *without* being joined to a domain?

I'd like to create a Samba server with some shares that have access controlled via accounts on the domain, but without joining the machine to the domain? Is this possible?
arathorn
  • 305
  • 5
  • 12
3
votes
0 answers

Active Directory: how to get rid of NTLM when we have remote users (road warriors)?

I want to disable NTLM completely. I don't want password hash to be stored in memory because of pass-the-hash attack (people don't have SeDebugPrivilege but anyway NTLM is not good) But people connect to workspace via RDP from their homes. I can use…
user996142
  • 211
  • 1
  • 5
3
votes
0 answers

How to run kinit as root before automounting mutiuser cifs mounts?

Goal I'm setting up multi-user CIFS mounts in an Active Directory environment under CentOS 8.2. The storage server supports SMB3.1.1 protocol. Prerequisites I could easily integrate the system to the Active Directory and I've edited SSSD…
MauvaisJoueur
  • 31
  • 3
2
votes
0 answers

Is it possible to limit SSRS authentication to Kerberos only?

We have an instance of SSRS (SQL Server Reporting Services) which uses Kerberos Constrained Delegation to fetch data for its reports from SQL Server on behalf of its users. For this purpose, SSRS was configured to use
Cat Mucius
  • 145
  • 1
  • 11
2
votes
2 answers

Joining workstations to the domain as a member of Protected Users group (Delegation vs User Rights)

Implementing "Protected Users" and coming across this problem that I couldn't find a solution to anywhere. Cannot join computers to the domain with delegation permissions. Instead "Add workstation to the domain" right was assigned to a…
Igor Akula
  • 23
  • 3
2
votes
1 answer

IIS and HttpListener (.NET) with windows authentication

I have a question about Windows authentication with IIS and HttpListener I have the following setup (All installed in same Windows 8.1 box. No outside communication). All requests are sent as http://localhost/...... IIS ASP.Net web application…
DineshNS
  • 21
  • 4
2
votes
1 answer

Squid proxy authentication - most painless way

Ok, the title says it all, really. The end goal is to implement proxy-authentication for end users. Users' systems are mostly (95%) windows-based, the proxy is a Debian Lenny running squid 2.7. I've investigated possible ways to implement it, first…
shylent
  • 792
  • 10
  • 22
1 2
3
11 12