4 Replies Latest reply on Jun 17, 2013 10:19 AM by Jon Scholten

    Integrate Web Gateway to Active Directory



      I need to integrate my Web Gateway with my Active Directory (WS 2008 R2).


      I don't know what to put in the fields:


      McAfee Web Gateway account name

      Configured Domain Controller(S), comma separated:


      Other question:


      Use NTLM version 2? Can you explain this?



        • 1. Re: Integrate Web Gateway to Active Directory

          Great question!

          • 2. Re: Integrate Web Gateway to Active Directory
            Jon Scholten

            This should be pretty straightforward, but see attached screenshot.



            NTLMv2 just has to do with the version of NTLM your domain requires. If you're using a 2008 domain, it will require this by default.


            For the domain you should enter the NETBIOS name of your domain (not in the format of domain.tld).


            The account name is the name of the Web Gateway that you want to appear in Active Directory. Web Gateway will create this account; you should not attempt to do so ahead of time. This should be unique for each appliance that you join to the domain.


            For the DC, you should just specify the fully qualified domain name of your domain controller. If you have problems with DNS, make sure the Web Gateway can resolve the FQDN of your DC. This can be checked under Troubleshooting > Network Tools > nslookup.
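
Added example, not part of the reply above and not McAfee code: a pre-join check, run from any host on the same network, for the values the reply describes (NetBIOS domain name, comma-separated DC FQDNs, DNS resolution), plus a TCP 445 probe because a later reply states the gateway talks to the DC on that port. The function names, the conservative NetBIOS character set and the sample values are assumptions.

```python
import re
import socket

# Assumption: conservative NetBIOS check (1-15 chars, no dots).
NETBIOS_RE = re.compile(r"^[A-Za-z0-9_-]{1,15}$")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def check_netbios_domain(name):
    """Return a list of problems with the value for the domain field."""
    if "." in name:
        return ["looks like a DNS name (domain.tld); use the NetBIOS name"]
    if not NETBIOS_RE.match(name):
        return ["not a valid NetBIOS name (1-15 letters, digits, '-' or '_')"]
    return []

def parse_dc_list(field):
    """Split the comma-separated DC field; return (fqdns, problems)."""
    fqdns, problems = [], []
    for raw in field.split(","):
        host = raw.strip().rstrip(".")
        if not host:
            continue
        labels = host.split(".")
        # Reject short names and bare IP addresses: the field wants FQDNs.
        if (len(labels) < 2 or labels[-1].isdigit()
                or not all(LABEL_RE.match(label) for label in labels)):
            problems.append(f"{host!r} is not a fully qualified domain name")
        else:
            fqdns.append(host.lower())
    return fqdns, problems

def check_dc(fqdn, resolve=socket.gethostbyname, connect=socket.create_connection):
    """Resolve the DC and try TCP 445; return a status string."""
    try:
        ip = resolve(fqdn)
    except OSError:
        return "dns-failed"
    try:
        connect((ip, 445), timeout=3).close()
    except OSError:
        return "445-unreachable"
    return "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(check_netbios_domain("example.local"))
    dcs, errs = parse_dc_list("dc01.example.local, dc02")
    print(dcs, errs, {dc: check_dc(dc) for dc in dcs})
```

A "dns-failed" result corresponds to the case the reply says to verify with nslookup on the appliance itself.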




            • 3. Re: Integrate Web Gateway to Active Directory

              Hi, can you tell me how the Web Gateway acquires the details of the users?

              Can you tell me how to configure it so that it will seamlessly take the user's information on whether he has logged in or not, without prompting to authenticate?


              Thanks in advance

              • 4. Re: Integrate Web Gateway to Active Directory
                Jon Scholten

                Hi Rukmalf,


                I don't 100% understand your question, but MWG is joined to the domain (as shown above) and communicates with the DC over port 445. The MWG will use either proxy authentication, or an authentication server (or other) to obtain credentials from the users. Proxy auth uses a 407, auth server uses a redirect (302) and a 401.


                For more information, read this article I wrote. If you are really interested in the technical details, I included captures of authentications: