To configure Symantec Web Gateway to integrate with Active Directory using NTLM
In the Web GUI, click Administration > Configuration > Authentication.
Under NTLM Configuration, specify the following information about your Active Directory environment:
Type the domain name of your realm, such as symantecexample.com. IP addresses are not valid. A partial domain name is valid if DNS Suffix is specified on the Administration > Configuration > Network page.
Primary/Secondary Domain Controller
Type the fully qualified domain name of your primary domain controller and secondary domain controller, such as controller.symantecexample.com. IP addresses are not valid. A partial domain name is valid if DNS Suffix is specified on the Administration > Configuration > Network page.
The secondary domain controller is optional; specify one if you want a redundant server.
Use Interface Name for NTLM Authentication
Check the box if you configured a Management Interface Name and added an A record for it to DNS.
The box is unchecked by default, but checking it (with proper configuration) is recommended.
Type the time between authentication requests from Symantec Web Gateway to the domain controller. The default is 15 minutes. A shorter time results in increased load on Symantec Web Gateway.
User Authentication Re-tries
Type the number of times that the Web browser allows the user to try to supply the user name and password after failed attempts. If the user fails to correctly log on after this number of attempts, only IP-based policies or default policies apply. If you use an enforce authentication policy, users see an error page. If you use 407 authentication, users see a proxy error page. After the authentication failure, reports display activity based on IP address only and not user names. If you have configured an Enforce Authentication policy for a user and the user fails authentication, Symantec Web Gateway denies Web access.
If you select this option, specify the Domain Controller User Name and the Domain Controller Password in the corresponding boxes. Use the administrator password.
If you use a proxy network configuration and 407 authentication, Symantec Web Gateway does not save these login credentials. Therefore, an error occurs if you uncheck this box and use different credentials from those that you specify for the Primary and Secondary Domain Controller.
Click Test beside the type of authentication that you want to perform (HTTP 401 or HTTP 407).
The results of the test appear at the top of the page. If there is an error, correct the settings and test again.
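The domain and domain controller fields reject IP addresses and accept a partial name only when a DNS Suffix is set, so it helps to check the values before typing them into the GUI. The following is an added example, not Symantec code: the function names and sample values are hypothetical, it assumes a partial name is a single label, and it checks syntax only without performing a DNS lookup.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def resolve_field(value, dns_suffix=None):
    """Return the FQDN a field value stands for, or raise ValueError."""
    name = value.strip().rstrip(".")
    try:
        ipaddress.ip_address(name)  # parses IPv4 and IPv6 literals
    except ValueError:
        pass  # not an IP literal, keep checking
    else:
        raise ValueError(f"{value!r}: IP addresses are not valid")
    labels = name.split(".")
    if not all(_LABEL.match(label) for label in labels) or labels[-1].isdigit():
        raise ValueError(f"{value!r}: not a valid DNS name")
    if len(labels) == 1:
        # Assumption: a "partial" name is a single label completed by the suffix.
        if not dns_suffix:
            raise ValueError(f"{value!r}: partial name needs a DNS Suffix")
        name = f"{name}.{dns_suffix.strip('.')}"
    return name.lower()


def preflight(fields, dns_suffix=None):
    """Check every field; return (resolved, errors) dicts keyed by field name."""
    resolved, errors = {}, {}
    for field, value in fields.items():
        try:
            resolved[field] = resolve_field(value, dns_suffix)
        except ValueError as exc:
            errors[field] = str(exc)
    return resolved, errors


# Constructed sample values built on the example domain used in the steps.
SAMPLE = {
    "domain": "symantecexample.com",
    "primary_dc": "controller",
    "secondary_dc": "192.0.2.10",
}

if __name__ == "__main__":
    print(preflight(SAMPLE, dns_suffix="symantecexample.com"))
```
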
Imported Document ID: HOWTO54114