Client integrated and basic authentication

Client Integrated (NTLM) and Basic Authentication using Domain Controller authenticates users by their Windows account names in environments where some users run Internet Explorer and others do not. Internet Explorer users are authenticated automatically against the Windows Domain Controller with their Windows login credentials. Users of other browsers are prompted to enter their Windows login credentials, which are then authenticated against the Domain Controller.

Configure domain controllers

  1. Navigate to System > Proxy Settings > Authentication Settings. The Authentication Settings page is displayed.
  2. Move the mouse pointer over the User Authentication is Enabled or the User Authentication is Disabled panel, and click Click here to change these settings.
  3. Select Client Integrated and Basic Authentication using Domain Controller and click Save.

    When you have selected this authentication type, the Basic Realm Identifier and NTLM Domain Controller panels will be displayed in the Authentication Settings page.

  4. In the Basic Realm Identifier panel, click Click here to change these settings.
  5. Type the name of the Basic Realm identifier to be used and click Save.

    The realm is shown in the authentication dialog in the client's browser, so the user can see why they are being asked to authenticate. The browser caches it, along with the user name and password, for the duration of the session. The default Basic Realm identifier is 'Clearswift Secure Web Gateway'.

  6. In the NTLM Domain Controller panel, click Click here to change these settings.
  7. Edit the settings as required:
  8. Click Save.
  9. In the task panel, click Join Domain. The Join Domain dialog is displayed.
  10. Enter your User Name and Password, and click Join.
 
  • When you configure Client Integrated Authentication using Domain Controller, Secure Web Gateway is added to the Windows domain. If you subsequently change the name of the Gateway, it will no longer be recognized by the domain and authentication will not work.
  • When configuring Peer Gateways to use Client Integrated Authentication using Domain Controller, you must configure authentication locally on each peer. If you attempt to configure authentication on a remote peer, it will appear as though authentication has been set up correctly; however, authentication will not work.

After you have applied your configuration, you can verify that users are being correctly authenticated.

Test authentication

  1. On the Authentication Settings page, click Test Authentication in the task panel. The Test Authentication dialog is displayed.
  2. Enter a User Name and Password combination, then click Run Test.
  Although Client Integrated Authentication (NTLM) supports user names or passwords that contain non-ASCII characters, the test mechanism does not. You cannot test authentication of user names or passwords containing extended characters.
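
As an added example (not part of the product documentation), the following Python code checks from the client side that a gateway response offers both NTLM and Basic and that the Basic realm matches the Basic Realm identifier configured above. It assumes the gateway answers an unauthenticated request with a 407 carrying one Proxy-Authenticate header per scheme; the sample response is constructed and the function names are hypothetical.

```python
import re

# Constructed sample (not captured from a real gateway). Assumption: the
# gateway answers an unauthenticated explicit-proxy request with a 407.
SAMPLE_RESPONSE = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    'Proxy-Authenticate: Basic realm="Clearswift Secure Web Gateway"\r\n'
    "Content-Length: 0\r\n\r\n"
)

# key=value pairs where the value is a quoted-string or a bare token.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def parse_challenges(raw_response):
    """Return (status, {scheme: {param: value}}); one challenge per header line."""
    status_line, _, header_block = raw_response.partition("\r\n")
    status = int(status_line.split()[1])
    wanted = "proxy-authenticate" if status == 407 else "www-authenticate"
    challenges = {}
    for line in header_block.split("\r\n"):
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        if name.strip().lower() != wanted:
            continue
        scheme, _, rest = value.strip().partition(" ")
        params = {}
        for key, quoted, bare in _PARAM.findall(rest):
            # Undo backslash escapes inside a quoted-string value.
            params[key.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
        challenges[scheme.lower()] = params
    return status, challenges

def check_gateway(raw_response, expected_realm):
    """List the ways a response differs from the mode configured above."""
    status, offered = parse_challenges(raw_response)
    problems = []
    if status not in (401, 407):
        problems.append(f"status {status}: no authentication challenge")
    for scheme in ("ntlm", "basic"):
        if scheme not in offered:
            problems.append(f"{scheme} not offered")
    realm = offered.get("basic", {}).get("realm")
    if "basic" in offered and realm != expected_realm:
        problems.append(f"realm is {realm!r}, expected {expected_realm!r}")
    return problems

if __name__ == "__main__":
    print(check_gateway(SAMPLE_RESPONSE, "Clearswift Secure Web Gateway"))
```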

Enable Apache Access Log

If you want to run diagnostics on your authentication, you can enable Apache Access logging for more information.

  1. In the Apache Access Log is Enabled or the Apache Access Log is Disabled panel, click Click here to change these settings.
  2. To enable or disable the generation of the logs, select or clear the Enable Apache access logging check box.