
Administration Guide

Domain name source when doing NTLM authentication

When doing NTLM authentication, the domain name is determined in the following order:

  1. If the domain controller entry has a domain name configured (domain-name), that name is used.

  2. Otherwise, if the NTLM Type 3 (authenticate) message from the client carries a domain name, that name is used.

  3. Otherwise, if the NTLM Type 2 (challenge) message from the DC carries a domain name, that name is used.

To configure the domain name source when no domain name is set on the domain controller entry:
config user domain-controller
    edit "adfs-dc"
        set ip-address 192.168.130.200
        unset domain-name
        set domain-name-src {server | client}
        set ldap-server "adfsldap"
    next
end

The domain name can be extracted from either the server's (DC) data, or from the client's data.
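The following Python script is an added example, not part of the FortiOS guide or Fortinet's code. It builds minimal NTLM Type 2 (CHALLENGE_MESSAGE) and Type 3 (AUTHENTICATE_MESSAGE) blobs with constructed values, extracts the domain name each message carries (TargetName in Type 2, DomainName in Type 3, honouring the Unicode/OEM negotiate flag), and applies the precedence listed above: a configured DC domain name wins, then the NTLM messages. The LM/NT responses are left empty because only the name fields matter here. How the domain-name-src setting orders the two message sources is an assumption of this example (client consults Type 3 first, server consults Type 2 first); the guide only states that the name can come from either side.

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set, OEM (ASCII) otherwise


def _field(length, offset):
    # NTLM "fields" triple: Len, MaxLen, BufferOffset (offset is from message start)
    return struct.pack("<HHI", length, length, offset)


def _read_field(msg, at):
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, at)
    if offset + length > len(msg):
        raise ValueError("NTLM field points outside the message")
    return msg[offset:offset + length]


def _encode(text, unicode_flag):
    return text.encode("utf-16-le") if unicode_flag else text.encode("ascii")


def _decode(raw, unicode_flag):
    return raw.decode("utf-16-le") if unicode_flag else raw.decode("ascii")


def build_type2(target_name, flags=NTLMSSP_NEGOTIATE_UNICODE):
    """Constructed CHALLENGE_MESSAGE (type 2): fixed header plus a TargetName payload."""
    name = _encode(target_name, flags & NTLMSSP_NEGOTIATE_UNICODE)
    header_len = 56  # Signature .. Version; payload starts right after
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 2)
            + _field(len(name), header_len)          # TargetNameFields
            + struct.pack("<I", flags)               # NegotiateFlags
            + b"\x11" * 8                            # ServerChallenge (constructed, fixed)
            + b"\x00" * 8                            # Reserved
            + _field(0, header_len + len(name))      # TargetInfoFields (empty)
            + b"\x00" * 8                            # Version (zeroed)
            + name)


def build_type3(domain, user, workstation, flags=NTLMSSP_NEGOTIATE_UNICODE):
    """Constructed AUTHENTICATE_MESSAGE (type 3) with empty LM/NT responses.
    The responses carry the credential proof; they are left empty because only
    the DomainName field matters for domain extraction."""
    uni = flags & NTLMSSP_NEGOTIATE_UNICODE
    dom, usr, ws = _encode(domain, uni), _encode(user, uni), _encode(workstation, uni)
    off = 72  # Signature .. Version (no MIC); payload starts here
    fields = b""
    for blob in (b"", b""):  # LmChallengeResponseFields, NtChallengeResponseFields
        fields += _field(len(blob), off)
        off += len(blob)
    payload = b""
    for blob in (dom, usr, ws):  # DomainNameFields, UserNameFields, WorkstationFields
        fields += _field(len(blob), off)
        off += len(blob)
        payload += blob
    fields += _field(0, off)  # EncryptedRandomSessionKeyFields (empty)
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 3) + fields
            + struct.pack("<I", flags) + b"\x00" * 8 + payload)


def _check(msg, expected_type):
    if msg[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != expected_type:
        raise ValueError("not an NTLM type %d message" % expected_type)


def domain_from_type2(msg):
    """Domain (TargetName) the DC advertises in its challenge, or None if empty."""
    _check(msg, 2)
    flags = struct.unpack_from("<I", msg, 20)[0]
    return _decode(_read_field(msg, 12), flags & NTLMSSP_NEGOTIATE_UNICODE) or None


def domain_from_type3(msg):
    """Domain the client placed in its authenticate message, or None if empty."""
    _check(msg, 3)
    flags = struct.unpack_from("<I", msg, 60)[0]
    return _decode(_read_field(msg, 28), flags & NTLMSSP_NEGOTIATE_UNICODE) or None


def select_domain(configured_domain, type3_msg, type2_msg, domain_name_src="client"):
    """Precedence from the guide: a configured DC domain-name wins; otherwise the
    NTLM messages are consulted. The effect of domain_name_src is an assumption
    of this example: "client" tries Type 3 first, "server" tries Type 2 first."""
    if configured_domain:
        return configured_domain
    sources = [domain_from_type3(type3_msg), domain_from_type2(type2_msg)]
    if domain_name_src == "server":
        sources.reverse()
    for candidate in sources:
        if candidate:
            return candidate
    return None


if __name__ == "__main__":
    t2, t3 = build_type2("CORP"), build_type3("LAB", "alice", "WS01")
    print(select_domain(None, t3, t2, "client"), select_domain(None, t3, t2, "server"))
```

The bounds check in `_read_field` is the part worth keeping in any real parser: the offset/length triples are attacker-supplied, so a name field must never be sliced before it is verified to lie inside the message.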
