Overview
Kerio Control supports automatic user authentication by the NTLM method (NT LAN Manager authentication from web browsers). Once authenticated for the domain, users do not need to enter their usernames and passwords.
This article shares the specific conditions and configuration settings for the correct functioning of the NTLM by covering the following topics:
- Configuring NTLM in Kerio Control
- Configuring Microsoft Internet Explorer Settings
- Configuring Mozilla Firefox Settings
- Configuring Google Chrome Settings
Prerequisites
Please ensure meeting the following requirements:
- Connect Kerio Control with the Microsoft Active Directory domain using a valid DNS name as a Kerio Control server name. For additional information, refer to the article about Connecting Kerio Control to Directory Services.
- Connect the client hosts with the domain.
- Install a valid SSL Certificate for the web interface and configure it correctly in Kerio Control. For more information about this process, refer to the article about Configuring SSL certificates in Kerio Control.
Note: SSL certificates can be configured and distributed using Group Policy Settings. This process is highlighted in the article about Deploying Kerio Control Certificate via the Microsoft Active Directory. - Configure the web browsers to trust the Kerio Control hostname, if necessary.
Configuring NTLM in Kerio Control
- In the administration interface, go to Configuration > Domains and User Login.
- Go to the Authentication Options tab.
- (Optional) Check the option Always require users to be authenticated when accessing web pages.
- Check Enable automatic authentication using NTLM.
- Click Apply.
Note: Rejoin the domain and restart the Kerio Control installation to clear the NTLM cache for troubleshooting purposes.
Once Kerio Control is configured correctly to use the NTLM authentication, configure the web browsers on client hosts using the steps indicated in the following sections. For proper functioning of NTLM, only use the following web browsers:
- Microsoft Internet Explorer
- Mozilla Firefox
- Google Chrome
Note: Microsoft Edge does not support NTLM yet.
Configuring Microsoft Internet Explorer Settings
In Internet Explorer, you must enable integrated Windows authentication, and add the Kerio Control server name to trusted servers by following these steps:
- Open Internet Explorer.
- Click Tools > Internet Options.
- Click the Advanced tab.
- Check Enable integrated Windows Authentication.
- Restart Internet Explorer.
Internet Explorer should now be correctly configured, and NTLM authentication should work. This means that the users do not have to authenticate with Kerio Control credentials.
If NTLM does not work, you may have problems with Kerio Control server name. In this case, follow these steps:
- Go to Tools > Internet Options.
- Click the Security tab.
- Click Local Intranet.
- Click Sites.
- In the Local Intranet dialog box, click Advanced.
- Add the Kerio Control server name to the list of trusted servers. For increased security, enter the server name in this format:
https://server.company.com
Configuring Mozilla Firefox Settings
- Open Mozilla Firefox.
- Enter
about:configin the address bar. - Use the filter to search for
network.automatic-ntlm-auth.trusted-uris. - Double-click the item.
- In the dialog box, add the Kerio Control server name. For increased security, enter the server name in this format:
https://server.company.com
Mozilla Firefox should now be correctly configured, and NTLM authentication should work. This means that the users do not need to authenticate with Kerio Control credentials.
Configuring Google Chrome Settings
Chrome uses Internet Explorer's Security Configuration, so one way to configure Chrome's settings is to configure Internet Explorer. Google Chrome adopts the same settings so that NTLM authentication will work.
Priyanka Bhotika
Comments