
The Web Security Authority.™

NTLM Authentication
What is NTLM Authentication?

NTLM is a Microsoft-proprietary protocol that authenticates users and computers through a challenge-and-response exchange. When an NTLM realm is used and a resource is requested from the SG Series appliance, the appliance contacts the user's or computer's account domain to verify the identity, then requests an access token. The access token is generated by the domain controller and passed to (and, if valid, accepted by) the Accelerator. Refer to Microsoft's Web site for detailed information about the NTLM protocol and a list of Microsoft operating system versions that support NTLM. The advantage of NTLM authentication is that it provides a single sign-on solution for Internet Explorer users who are already logged in to a domain.

Why Enable NTLM Authentication with Blue Coat?

The Blue Coat SG Series appliance can authenticate users defined in an NTLM database, so your existing authentication process is reused through the Blue Coat appliance. This lets an administrator know who is accessing network resources and define user- and group-based policy alongside all the other Blue Coat features.

How to implement NTLM authentication

There are four steps to implement authentication services:
1. Install the Blue Coat NTLM Authentication Agent Service
2. Create an NTLM Realm
3. Enable NTLM authentication through the Blue Coat Visual Policy Manager and create policy based on user and group identification
4. Test NTLM policy

Step 1 Install the Blue Coat NTLM Authentication Agent Service

The Blue Coat NTLM Authentication Agent Service must be installed on a PDC, a BDC, or a member server/workstation running Windows NT/2000 Server. The Blue Coat NTLM Authentication Agent (CAASNT) is a Windows NT/2000-compatible application that aids in integrating and managing NTLM security with the Blue Coat appliance.

Technical Brief
Installing the Blue Coat NTLM Authentication Agent Service (CAASNT)

1. Copy the files caasnt.exe and caasnt.ini to the %SystemRoot%\system32 directory of the computer used to administer the Accelerator.
2. Install the CAASNT service by opening a command window, switching to the %SystemRoot%\system32 directory, and typing caasnt /install
3. View the Services Application Event Log via the Windows Server Administrator Tools and validate that the CAASNT Service is running.

To view the Application event log:

The CAASNT service logs all errors to the Windows NT/2000 Application Event Log under the name CAASNT.

1. To view the event log, right-click on My Computer and choose Manage. The Computer Management window is displayed.
2. Choose System Tools, Event Viewer, and then Application. When the CAASNT service has started, it logs an informational message to the Event Log indicating so.

Copyright 2002 Blue Coat Systems, Inc.

To view the Services event log:


1. Right-click on My Computer and choose Manage. The Computer Management window is displayed.
2. Choose Services and Applications, then Services.
3. Right-click on CAASNT and choose Properties to manage the service. For example, to make CAASNT start only manually, set the Startup Type to Manual. (Automatic is the default setting.)

Step 2 Create an NTLM Realm
To create a realm, open the Blue Coat GUI Management Console, select the Security option, and then select the Realms tab.

1. Click the New button. The Add Realm dialog is displayed. Type NTLM as the Realm name and select NTLM as the protocol for this realm.


2. Specify the IP address and port of the primary NTLM server on which the CAASNT Agent Service is running. The default port is 16101. Click OK.

Click Apply to save your changes. Repeat the above steps for additional NTLM servers, up to a total of 50.

Step 3 - Enable NTLM Realm Authentication Policy


1. From the Blue Coat VPM management console, create a new Web authentication policy by selecting Edit from the toolbar and choosing Add Web Authentication Policy.
2. Name the new authentication policy "Authentication Policy". Click OK.

3. In the Action field, right-click and select Authenticate.

4. A pop-up window displays the newly created NTLM realm; click OK.

5. Click Install Policies to load the policy.


Step 4 - Test NTLM Policy


Test NTLM authentication by opening an Internet Explorer browser and configuring its proxy settings to the Security Gateway IP address on port 8080. When the Authentication Policy is properly installed, you should not be prompted for your user name and password.

You can verify the user was authenticated through the Blue Coat appliance by looking at the access log tail (http://x.x.x.x:8081/Accesslog/tail where x.x.x.x is the IP address of your Blue Coat appliance). For example:

1018355897.971 0 10.254.0.210 TCP_HIT/200 4455 GET http://images.mp3.com/mp3s/images/banner_ad/copy.gif YOGIPC2\Administrator DIRECT/- image/gif

In this example the authenticated user is Administrator in the domain YOGIPC2; an unauthenticated request shows "-" in the user field instead.
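As an added example (not part of the Blue Coat brief), the following Python script automates the Step 4 check: it parses access log tail lines in the layout shown above and reports which requests carry an NTLM DOMAIN\user principal, which were challenged, and which were served anonymously. The field layout (timestamp, elapsed, client IP, result/status, bytes, method, URL, user, hierarchy, content type) is assumed from the brief's single line; the second and third sample lines are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the brief's access log tail. Only the first entry is
# the brief's own; the other two are made up to show an anonymous request and a proxy
# authentication challenge (407). Assumed field layout:
# timestamp elapsed client_ip result/status bytes method url user hierarchy content_type
SAMPLE_LINES = [
    r"1018355897.971 0 10.254.0.210 TCP_HIT/200 4455 GET http://images.mp3.com/mp3s/images/banner_ad/copy.gif YOGIPC2\Administrator DIRECT/- image/gif",
    r"1018355898.102 12 10.254.0.211 TCP_MISS/200 2310 GET http://example.test/index.html - DIRECT/203.0.113.5 text/html",
    r"1018355898.450 3 10.254.0.212 TCP_DENIED/407 1020 GET http://example.test/ - NONE/- text/html",
]


@dataclass
class AccessEntry:
    timestamp: float
    client_ip: str
    result: str            # cache result, e.g. TCP_HIT
    status: int            # HTTP status returned to the client
    method: str
    url: str
    domain: Optional[str]  # NTLM domain, None when no domain was recorded
    user: Optional[str]    # account name, None when the user field is "-"


def parse_access_line(line: str) -> AccessEntry:
    """Split one access log line into fields and pull DOMAIN\\user out of the user column."""
    fields = line.split()
    if len(fields) < 10:
        raise ValueError(f"unexpected field count {len(fields)}: {line!r}")
    ts, _elapsed, client_ip, result_status, _size, method, url, user_field, _hier, _ctype = fields[:10]
    result, status = result_status.split("/", 1)
    domain = user = None
    if user_field != "-":
        # An NTLM realm records the principal as DOMAIN\user; keep a bare name if no domain is present
        domain, sep, user = user_field.rpartition("\\")
        if not sep:
            domain, user = None, user_field
    return AccessEntry(float(ts), client_ip, result, int(status), method, url, domain, user)


def audit(lines) -> dict:
    """Group requests the way the manual Step 4 check does: authenticated, challenged, or anonymous."""
    entries = [parse_access_line(l) for l in lines if l.strip()]
    return {
        "authenticated": [(e.domain, e.user, e.client_ip) for e in entries if e.user],
        # 407 means the appliance issued a Proxy-Authenticate challenge for this request
        "challenged": [e.client_ip for e in entries if e.user is None and e.status == 407],
        # served with no principal and no challenge: policy did not require authentication
        "anonymous": [e.client_ip for e in entries if e.user is None and e.status != 407],
    }
```

Run audit() over lines fetched from the /Accesslog/tail URL; any client that keeps appearing under "anonymous" after the policy is installed is bypassing the Authentication Policy.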

In this TechBrief we have discussed how to quickly install and configure NTLM authentication using the Blue Coat SG Series appliance. For more information about Blue Coat products please contact your local sales representative or go to www.bluecoat.com.


Contact Blue Coat Systems: 1.866.30.BCOAT; 408.220.2200 Direct; 408.220.2250 Fax; www.bluecoat.com


Blue Coat Systems, a Web security company, has developed the industry's first port 80 security appliance. Safeguarding many of the world's largest corporate networks, this high-performance security appliance intelligently protects against Web-based threats by policing Port 80, the primary hole in the enterprise security infrastructure. Headquartered in Sunnyvale, California, Blue Coat Systems can be reached at 408.220.2200 or at http://www.bluecoat.com. Copyright 2002 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable; however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Version 1.0
