cancel
Showing results for 
Search instead for 
Did you mean: 
bornheim
Level 7

Pre-Select a domain when using NTLM authentication

Hi,

is there a way to tell the client to use a specific domain for NTLM authentication?

Background: I now have a working rule set with Kerberos, fallback to NTLM (for non-domain-members) and fallback to local user database.

When a client falls back to NTLM authentication and asks for username and password, a domain is pre-set to the clients computer name. If I just provide username and password, authentication fails. It only succeeds, if I provide DOMAIN\username and password.

I would like the domain to default to the correct name. Under "NTLM specific parameters" is a field "Default NTLM domain", but that doesn't do what I hoped for.

Kind regards,

Robert

0 Kudos
1 Reply
McAfee Employee

Re: Pre-Select a domain when using NTLM authentication

Hi Robert,

I don't believe this is possible. Effectivley it would mean the MWG is modifying the realm information given by the client (in the NTLM messages). I don't believe MWG can do this.

The default domain field will only be used if the domain sent in the NTLM messages are empty (IE will use the hostname of the system if not joined to a domain, FF will not send one).

Best,

Jon

0 Kudos