Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

NTLM SSP will not authenticate.

Ok...I must be doing something horribly wrong.

2 things I can't seem to accomplish.

1. Getting rid of Authentication pop-ups in a browser for a user logged into the domain.

2. Even if I try to authenticate, it won't let me.

My NTLM realm looks like this, running ASyncOS 5.1.2 S650

Active Directory Domain = DOMAIN.WFISD.NET

Told the ironport to create it's user account webgate$ in DOMAIN/Domain Controllers

However, in an attempt to troubleshoot, I have created the webgate$ account in various other places by rejoining the ironport to our domain.

The NTLM test works fine, but every time we open a brower it prompts for credentials. LDAP works great, but I am unable to authenticate at all using NTLM SSP. I have added all the domain groups from the directory lookup in the web policy, and I have also tried entering single usernames to see if the authentication works. All to no avail.

Please help.

THanks in advance.

New Member

Re: NTLM SSP will not authenticate.

How are your clients connecting to the proxy? Are they explicitly configured to used the WSA or transparently redirected. This will make a big difference as to why transparent credentials are not working.

Also, I highly recommend upgrading to the latest 5.2 version of the WSA, as the authentication code was completely changed and made much better.

When you are prompted for credentials, they are never accepted? Are you entering the domain in with the credentials? The domain is case sensitive as well. It is typically in all CAPS.

New Member

Re: NTLM SSP will not authenticate.

To answer your questions.

Proxy mode on the WSA is set to transparent. I have also put the DNS name of the WSA in it's config file as the prox.etc.transparentauthserver value. The clients are set to specifically set to use the proxy DNS name in their browser.

Have tried adding a trust in IE7 and Firefox to no avail.

I am able to enter my credentials after all. That was an issue with our AD and Edir. not syncronizing. Got that fixed.

As far as I know I am at the latest ASyncOS version 5.2.1-052


New Member

Re: NTLM SSP will not authenticate.

THe latest is AsyncOS 5.5.2-030 , i tried configuring ntlmssp with no problems.

I redirected the internal proxy to point to ironport with no problems.

do you have screen captures when you do test the authentication query?

New Member

Re: NTLM SSP will not authenticate.

I can get you some screen shot and post them on here.

I'm going to attempt the upgrade first. For some reason I couldn't see a upgrade option via the GUI, but I can see 5.5.2 through the CLI.

I'll post back.

CreatePlease to create content