4 Replies Latest reply on Jul 9, 2013 2:54 PM by gunars.lodzins

    Transparent NTLM authentication and Active Directory group enumeration

      Hi!

       

      Here's the situation I have:

      I've set up transparent NTLM authentication and an HTTP Proxy rule to use Smartfilter.

      In Smartfilter I've configured allow/block policies based on user groups in Active Directory.

      NTLM authentication works fine since I can see Active Passports on the firewall.

      But somehow it does not get user group information, and since the Access Rule is in state "Allow", every user who successfully authenticates using transparent NTLM authentication is allowed the traffic, neglecting group membership.

      If I configure the Authenticator to use Active Directory and use the same SmartFilter configuration, it reads group information correctly and denies/allows site access depending on user group membership.

       

      Does the NTLM authenticator not read group membership information from Active Directory, or am I missing something in the configuration?

       

      Gunars