BCS Tb Ntlmauth


  • 8/13/2019 BCS Tb Ntlmauth


    NTLM Authentication

What is NTLM Authentication?
NTLM is a Microsoft-proprietary protocol that authenticates users and computers based on an authentication challenge and response. When an NTLM realm is used and a resource is requested from the SG Series appliance, the appliance contacts the user's or computer's account domain to verify identity, then requests an access token. The access token is generated by the domain controller and passed to (and, if valid, accepted by) the Accelerator. In the deployment described in this brief, that domain verification is performed on the appliance's behalf by the Blue Coat NTLM Authentication Agent (CAASNT), which runs on a domain member and which the appliance contacts over the network. Refer to Microsoft's Web site for detailed information about the NTLM protocol and a list of Microsoft operating system versions that support NTLM. The advantage of NTLM authentication is that it provides a single sign-on solution for Internet Explorer users who are already logged in to a domain.

Why Enable NTLM Authentication with Blue Coat?
The Blue Coat SG Series appliance can authenticate users defined in an NTLM domain database, so the appliance reuses your existing Windows authentication process. This lets an administrator know who is accessing network resources and define user- and group-based policy alongside all the other Blue Coat features.

How to implement NTLM authentication
There are four steps to implement authentication services:

1. Install the Blue Coat NTLM Authentication Agent Service
2. Create an NTLM Realm
3. Enable NTLM authentication through the Blue Coat Visual Policy Manager and create policy based on user and group identification
4. Test NTLM policy

Step 1 Install the Blue Coat NTLM Authentication Agent Service
The Blue Coat NTLM Authentication Agent Service must be installed on a PDC, a BDC, or a Windows NT/2000 member server or workstation; in every case the host must be a member of the domain whose accounts it will verify. The Blue Coat NTLM Authentication Agent (CAASNT) is a Windows NT/2000-compatible application that integrates and manages NTLM security with the Blue Coat appliance.

    Technical Brief

    The Web Security Authority. TM

Copyright 2002 Blue Coat Systems, Inc.

Installing the Blue Coat NTLM Authentication Agent Service (CAASNT)

1. Copy the files caasnt.exe and caasnt.ini to the %SystemRoot%\system32 directory of the computer used to administer the Accelerator.
2. Install the CAASNT service by opening a command window, switching to the %SystemRoot%\system32 directory, and typing caasnt /install
3. Open the Application Event Log and the Services console via the Windows Administrative Tools and validate that the CAASNT service is running.

To view the Application event log:
The CAASNT service logs all errors to the Windows NT/2000 Application Event Log under the source name CAASNT.

1. To view the event log, right-click My Computer and choose Manage. The Computer Management window is displayed.
2. Choose System Tools, Event Viewer, and then Application. When the CAASNT service has started it logs an informational message to the Event Log indicating so.


To manage the CAASNT service:
The agent is controlled from the Services console like any other Windows NT/2000 service.

1. Right-click My Computer and choose Manage. The Computer Management window is displayed.
2. Choose Services and Applications, then Services.
3. Right-click CAASNT and choose Properties to manage the service. For example, to make CAASNT start only manually, set the Startup Type to Manual. (Automatic is the default setting and is the one to keep in production: while the agent is stopped, the appliance cannot verify any NTLM logon against the domain.)
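The checks in Step 1 (service registered and running, start-up message in the Application log) can be scripted on the agent host. The script below is an added example and is not part of the Blue Coat brief or of the CAASNT package. It assumes, since the brief does not say, that the Windows service and its Application-log event source are both named CAASNT and that the agent listens on TCP 16101, the default realm port from Step 2; the service name and port are parameters so they can be corrected. It is written for an elevated Windows PowerShell 5.1 session on a current Windows build (Get-NetTCPConnection and Get-WinEvent are required).

```powershell
# Added example, not from the Blue Coat brief: verify the CAASNT agent host after
# Step 1. Assumes (not stated in the brief) that the service is registered under the
# name CAASNT, that its Application-log source is CAASNT, and that it listens on
# TCP 16101 (the default realm port). Run from an elevated Windows PowerShell 5.1
# session on the agent host.
param(
    [string]$ServiceName = 'CAASNT',   # assumed Windows service name
    [int]$AgentPort      = 16101       # default CAASNT port from the brief
)

$ErrorActionPreference = 'Stop'
$sys32 = Join-Path $env:SystemRoot 'system32'

# 1. Register the service if it is not installed yet (same command as the brief).
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) {
    foreach ($file in 'caasnt.exe', 'caasnt.ini') {
        if (-not (Test-Path (Join-Path $sys32 $file))) {
            throw "$file is missing from $sys32; copy it there before installing."
        }
    }
    Push-Location $sys32
    try     { & .\caasnt.exe /install }
    finally { Pop-Location }
    $svc = Get-Service -Name $ServiceName
}

# 2. Keep the default Automatic start type and make sure the agent is running;
#    the appliance cannot verify any NTLM logon while the agent is down.
if ($svc.StartType -ne 'Automatic') {
    Set-Service -Name $ServiceName -StartupType Automatic
}
if ($svc.Status -ne 'Running') {
    Start-Service -Name $ServiceName
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}
$svc.Refresh()
"{0}: {1} (start type {2})" -f $ServiceName, $svc.Status, $svc.StartType

# 3. Confirm something is listening on the port the NTLM realm will point at.
$listener = Get-NetTCPConnection -LocalPort $AgentPort -State Listen -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $listener) {
    throw "Nothing is listening on TCP $AgentPort; check caasnt.ini and the Application log."
}
"Listening on TCP {0} (owning PID {1})" -f $AgentPort, $listener.OwningProcess

# 4. Show the latest Application-log entries from the agent: the informational
#    start-up message the brief mentions, plus any errors.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $ServiceName } `
    -MaxEvents 10 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning "No Application-log events from source $ServiceName yet."
} else {
    $events | Select-Object TimeCreated, LevelDisplayName, Id, Message | Format-Table -AutoSize -Wrap
}
```

Run it once after copying the files; a throw at step 3 means the service started but is not accepting connections on the port the realm will use, which is the usual reason the appliance later reports the realm as unreachable.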


Step 2 Create an NTLM Realm
Create a realm using the Blue Coat GUI Management Console: select the Security option, then select the Realms tab.

1. Click the New button. The Add Realm dialog is displayed. Type NTLM as the Realm name and select NTLM as the protocol for this realm.
2. Specify the IP address and port of the primary NTLM server, that is, the host on which the CAASNT Agent Service is running. The default port is 16101. Click OK.

Click Apply to save your changes. Repeat the above steps for additional NTLM servers, up to a total of 50. The appliance must be able to open TCP connections to each agent host on the configured port, so allow that traffic through any firewall between the appliance and the agent.

Step 3 - Enable NTLM Realm Authentication Policy

1. From the Blue Coat VPM management console, create a new Web authentication policy by selecting Edit from the toolbar and choosing Add Web Authentication Policy.
2. Name the new authentication policy layer Authentication Policy. Click OK.
3. Right-click the Action field and choose Authenticate.
4. A pop-up window displays the newly created NTLM realm; click OK.
5. Click Install Policies to load the policy.


Step 4 - Test NTLM Policy
Test NTLM authentication by opening an Internet Explorer browser and configuring its proxy settings to the Security Gateway IP address on port 8080. You should not be prompted for your user name and password when the Authentication Policy is properly installed: Internet Explorer answers the appliance's NTLM challenge with the credentials of the logged-on domain user. If you are prompted, or the browser shows a proxy authentication error, confirm that the CAASNT service is running on the agent host and that the appliance can reach it on the port configured in the realm (16101 by default).

You can verify the user was authenticated through the Blue Coat appliance by looking at the access log tail (http://x.x.x.x:8081/Accesslog/tail, where x.x.x.x is the IP address of your Blue Coat appliance). For example:

1018355897.971 0 10.254.0.210 TCP_HIT/200 4455 GET http://images.mp3.com/mp3s/images/banner_ad/copy.gif YOGIPC2\Administrator DIRECT/- image/gif

In this example the user is Administrator in the domain YOGIPC2. An unauthenticated request shows - in the user field instead, so a log full of - entries after the policy is installed means the authentication layer is not being applied.
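The Step 4 test can be made repeatable from a domain-joined client instead of watching Internet Explorer by hand. The script below is an added example, not code from the Blue Coat brief. It assumes the placeholders used in the brief (the appliance at x.x.x.x, proxying on 8080 and serving the access-log tail on 8081 at /Accesslog/tail), that the tail page is reachable from the client without a separate console login, that each log line is whitespace-separated in the squid-style layout shown above (time, elapsed, client, action/status, bytes, method, URL, domain\user, hierarchy/host, content type), and Windows PowerShell 5.1, whose Invoke-WebRequest raises a WebException for a 407. The target URL is also a placeholder.

```powershell
# Added example, not from the Blue Coat brief: exercise the NTLM policy and
# confirm the access log attributes the request to DOMAIN\user. Placeholders:
# x.x.x.x is the SG appliance; $Target is any external page. Assumes the
# squid-style log layout shown in the brief and Windows PowerShell 5.1.

$Proxy   = 'http://x.x.x.x:8080'                 # appliance proxy port (placeholder IP)
$LogTail = 'http://x.x.x.x:8081/Accesslog/tail'  # access-log tail from the brief
$Target  = 'http://www.bluecoat.com/'            # any URL that goes through the proxy

function ConvertFrom-AccessLogLine {
    # Parse one squid-style access-log line (10 whitespace-separated fields).
    param([Parameter(Mandatory)][string]$Line)
    $f = $Line -split '\s+'
    if ($f.Count -lt 10) { return $null }
    $action, $status = $f[3] -split '/', 2
    $domain, $user = $null, $null
    if ($f[7] -ne '-') { $domain, $user = $f[7] -split '\\', 2 }   # DOMAIN\user
    [pscustomobject]@{
        Time          = [DateTimeOffset]::FromUnixTimeSeconds([long][double]$f[0]).UtcDateTime
        Client        = $f[2]
        Action        = $action
        Status        = [int]$status
        Method        = $f[5]
        Url           = $f[6]
        Domain        = $domain
        User          = $user
        Authenticated = ($f[7] -ne '-')            # '-' means no user was established
    }
}

# 1. Without credentials the proxy must challenge (HTTP 407); if this request
#    succeeds, the authentication layer is not being enforced for this client.
try {
    Invoke-WebRequest -Uri $Target -Proxy $Proxy -UseBasicParsing | Out-Null
    Write-Warning "Request succeeded without credentials: authentication policy not enforced."
} catch [System.Net.WebException] {
    $code = [int]$_.Exception.Response.StatusCode
    if ($code -eq 407) { "Proxy challenged as expected (407 Proxy Authentication Required)" }
    else { throw }
}

# 2. With the logged-on domain account the request should pass without a prompt
#    (this is the single sign-on behaviour the brief describes for IE).
$resp = Invoke-WebRequest -Uri $Target -Proxy $Proxy -ProxyUseDefaultCredentials -UseBasicParsing
"Authenticated request returned HTTP {0}" -f $resp.StatusCode

# 3. Find our request in the access-log tail and check the user field.
$tail  = (Invoke-WebRequest -Uri $LogTail -UseBasicParsing).Content -split "`r?`n"
$entry = $tail | ForEach-Object { ConvertFrom-AccessLogLine $_ } |
    Where-Object { $_ -and $_.Url -eq $Target } | Select-Object -Last 1
if (-not $entry)               { throw "No access-log entry found for $Target" }
if (-not $entry.Authenticated) { throw "Entry for $Target has user '-': policy not applied" }
"{0} logged as {1}\{2} ({3}/{4})" -f $entry.Client, $entry.Domain, $entry.User, $entry.Action, $entry.Status
```

Run the credential-less check first and from a client that has not browsed through the appliance yet; if the appliance has already associated that client's address with an authenticated user, the first request may be let through without a fresh challenge and the warning in step 1 would be misleading.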

In this TechBrief we have discussed how to quickly install and configure NTLM authentication using the Blue Coat SG Series appliance. For more information about Blue Coat products please contact your local sales representative or go to www.bluecoat.com.


Contact Blue Coat Systems
1.866.30.BCOAT
408.220.2200 Direct
408.220.2250 Fax
www.bluecoat.com

Blue Coat Systems, a Web security company, has developed the industry's first port 80 security appliance. Safeguarding many of the world's largest corporate networks, this high-performance security appliance intelligently protects against Web-based threats by policing Port 80, the primary hole in the enterprise security infrastructure. Headquartered in Sunnyvale, California, Blue Coat Systems can be reached at 408.220.2200 or at http://www.bluecoat.com.

Copyright 2002 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable; however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Version 1.0