Description | This article describes how NTLM credentials are validated and further explains how NTLM works with FortiProxy |
Scope | Agentless NTLM Authentication |
Solution |
1) Refer to the guideline for Agentless NTLM configuration
2) Bear in mind that when 'test user credentials' in the LDAP Server configuration is performed, FortiProxy sends an LDAP search and an LDAP bind for the particular user account. This test does not exercise NTLM authentication.
Sample LDAP packets captured while 'test user credentials' is performed in the LDAP Server configuration; the user account is test1.
Note: In the example packets above, the proxy IP is 10.176.2.91 and the LDAP server IP is 10.176.1.12.
3) Run debugging, or take a packet capture, to verify NTLM authentication
# diagnose wad debug enable category auth
Example debug outputs:
The sample packets below, collected while accessing http://www.example.com, contain the NTLM messages of Type 1, Type 2 and Type 3.
Source Src Port Destination Dst Port Protocol Length Info
10.176.2.173 56880 10.176.2.91 11980 HTTP 1130 GET http://www.example.com/ HTTP/1.1 , NTLMSSP_AUTH, User: \test2
10.176.2.91 47618 10.176.1.12 445 SMB2 596 Session Setup Request, NTLMSSP_AUTH, User: \test2
10.176.2.91 40064 10.176.1.12 389 LDAP 344 searchRequest(2) "cn=users,dc=mk1,dc=com" wholeSubtree
10.176.2.91 11980 10.176.2.173 56880 HTTP 1076 HTTP/1.1 200 OK (text/html) |
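As an added example (not from this article or from Fortinet), the following Python decodes the NTLMSSP message carried in the client's Authorization or Proxy-Authorization header in a capture like the one above: it identifies the message type (1, 2 or 3) and, for a Type 3 message, extracts the asserted domain, user and workstation, which is what a packet analyser renders as 'User: \test2'. Field offsets follow the MS-NLMP layout; the Type 1 and Type 3 samples are constructed here, and the Type 3 sample carries no challenge responses.

```python
import base64
import struct
NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE: string fields are UTF-16LE
MESSAGE_NAMES = {1: "NEGOTIATE (Type 1)", 2: "CHALLENGE (Type 2)", 3: "AUTHENTICATE (Type 3)"}

def _read_buffer(msg: bytes, field_offset: int) -> bytes:
    """Resolve an NTLM security buffer (Len, MaxLen, Offset) and return the bytes it points at."""
    length, _max_len, offset = struct.unpack_from("<HHI", msg, field_offset)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_ntlm_authorization(header_value: str) -> dict:
    """Parse an 'Authorization: NTLM <base64>' (or Proxy-Authorization) header value.

    Returns the NTLMSSP message type and, for Type 3, the domain, user and workstation
    the client asserted, i.e. the 'User: DOMAIN\\user' a packet analyser displays.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM authorization header")
    msg = base64.b64decode(token)
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    result = {"type": msg_type, "name": MESSAGE_NAMES.get(msg_type, "unknown")}
    if msg_type == 3:
        (flags,) = struct.unpack_from("<I", msg, 60)  # NegotiateFlags follow the six buffer fields
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"
        result["domain"] = _read_buffer(msg, 28).decode(enc)
        result["user"] = _read_buffer(msg, 36).decode(enc)
        result["workstation"] = _read_buffer(msg, 44).decode(enc)
        result["display"] = f"{result['domain']}\\{result['user']}"
    return result

def build_type3_sample(domain: str, user: str, workstation: str) -> str:
    """Construct a minimal Type 3 header for demonstration; the LM/NT responses are left empty."""
    fields, payload, offset = b"", b"", 64  # fixed part is 64 bytes when Version and MIC are omitted
    lm = nt = struct.pack("<HHI", 0, 0, offset)
    for part in (s.encode("utf-16-le") for s in (domain, user, workstation)):
        fields += struct.pack("<HHI", len(part), len(part), offset)
        payload, offset = payload + part, offset + len(part)
    session_key = struct.pack("<HHI", 0, 0, offset)
    msg = (NTLMSSP_SIGNATURE + struct.pack("<I", 3) + lm + nt + fields + session_key
           + struct.pack("<I", NEGOTIATE_UNICODE) + payload)
    return "NTLM " + base64.b64encode(msg).decode()

# Constructed Type 1 header: signature, MessageType 1, then zeroed flags/domain/workstation fields.
SAMPLE_TYPE1_HEADER = "NTLM " + base64.b64encode(NTLMSSP_SIGNATURE + struct.pack("<I", 1) + bytes(20)).decode()
```

Running the parser over the header values seen on the client-to-proxy leg of a capture shows whether the browser actually reached the Type 3 step, which is the message the proxy then forwards to the domain controller in the SMB2 Session Setup Request.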
Copyright 2024 Fortinet, Inc. All Rights Reserved.