Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Contributor III

LDAP / NTLM authentication with explicit proxy

Does anyone have a simple guide to setting up LDAP / NTLM authentication with explicit proxy, without agents or DC polling, using per session HTTP authentication as documented here:


PS this unit is running FortiOS 6.0.2


In my mind should be simple - but I'm struggling on this one :(

Contributor III

What I am trying to achieve is as documented here -


All I need is NTLM auth to explicit proxy, no other SSO

Agentless NTLM support

Agentless NTLM authentication can be configured directly from the FortiGate to the Domain Controller via SMB protocol (no agent is required).

Note that this authentication method is only supported for proxy policies.


Note that domain-controller is only available when method is set to ntlm and/or negotiate-ntlm is set to enable.

config authentication scheme

edit <name>

set method ntlm

set domain-controller <dc-setting>




config user domain-controller

edit <name>

set ip-address <dc-ip>

set port <port> - default = 445

set domain-name <dns-name>

set ldap-server <name>




Yes - I do have this working and can reference my configs to get all the details if you are still having trouble with this.

IIRC, you also need to define authentication rules to select the auth scheme and backend domain controller for the traffic. And then ldap to query for group memberships after the user authenticates via ntlm.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors