Phone Lines icon GFI Support Home

Articles in this section

See more

Configuring Automatic User Authentication Using NTLM

Author: Vladyslav Velychko Updated

Overview

Kerio Control supports automatic user authentication by the NTLM method (NT LAN Manager authentication from web browsers). Once authenticated for the domain, users do not need to enter their usernames and passwords.

The Kerio Control NTLM authentication requires a specific configuration on the Kerio Control Administration side and on the supported client browsers itself. The browsers supported are Internet Explorer, Mozilla Firefox, Google Chrome, and modern Edge (Chromium-based).

 

Prerequisites

Please ensure meeting the following requirements:

Back to top

 

Solution

Configuring NTLM in Kerio Control

  1. In the administration interface, go to Configuration > Domains and User Login.
  2. Go to the Authentication Options tab.
  3. (Optional) Check the option Always require users to be authenticated when accessing web pages.
  4. Check Enable automatic authentication using NTLM.

    1.png

  5. Click Apply.

Note: Rejoin the domain and restart the Kerio Control installation to clear the NTLM cache for troubleshooting purposes.

 

Configuring Microsoft Internet Explorer Settings

In Internet Explorer, you must enable integrated Windows authentication, and add the Kerio Control server name to trusted servers by following these steps:

  1. Open Internet Explorer.
  2. Click Tools > Internet Options.
  3. Click the Advanced tab.
  4. Check Enable integrated Windows Authentication.

    Automatic_user_authentication_using_NTLM_2.png

  5. Restart Internet Explorer.

Internet Explorer should now be correctly configured, and NTLM authentication should work. This means that the users do not have to authenticate with Kerio Control credentials.

If NTLM does not work, you may have problems with Kerio Control server name. In this case, follow these steps: 

  1. Go to Tools > Internet Options.
  2. Click the Security tab.
  3. Click Local Intranet.
  4. Click Sites.

    Automatic_user_authentication_using_NTLM_3.png

  5. In the Local Intranet dialog box, click Advanced.
  6. Add the Kerio Control server name to the list of trusted servers. For increased security, enter the server name in this format: https://server.company.com
    ie_options.png

Back to top

 

Configuring Mozilla Firefox Settings

  1. Open Mozilla Firefox.
  2. Enter about:config in the address bar.
  3. Confirm the security warning by clicking Accept the Risk and Continue.
    ntlm_browser0.png
  4. Use the filter to search for network.automatic-ntlm-auth.trusted-uris.
  5. Double-click the item.
  6. In the dialog box, add the Kerio Control server name. For increased security, enter the server name in this format: https://server.company.com
    ntlm_browser1.png

Mozilla Firefox should now be correctly configured, and NTLM authentication should work. This means that the users do not need to authenticate with Kerio Control credentials.

Back to top

 

Configuring Google Chrome and Edge Settings

Chrome/Edge uses Internet Explorer's Security Configuration, so one way to configure Chrome's settings is to configure Internet Explorer. Google Chrome adopts the same settings so that NTLM authentication will work.

For command-line options, you can use the following command:

Chrome:

Chrome.exe –auth-server-whitelist=”MYSERVER.DOMAIN.COM” –auth-negotiate-delegatewhitelist=”MYSERVER.DOMAIN.COM” –auth-schemes=”digest,ntlm,negotiate”

Edge:

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" –auth-server-whitelist=”MYSERVER.DOMAIN.COM” –auth-negotiate-delegatewhitelist=”MYSERVER.DOMAIN.COM” –auth-schemes=”digest,ntlm,negotiate”

For more information, please refer to the 3rd-party article about configuring Chrome/Firefox integrated authentication.

Back to top

Related articles