Hi,
I am pretty sure it is easy and possible, but I can't figure out how. I have a user logged in to the domain, an explicit proxy is configured on LTM, and the user's browser is pointed to the proxy IP. I would like to avo...
Unfortunately I can't make it work. I have all machine and NTLM Auth configured - seems to be working for me. Machine account created, NTLM Auth Configuration with correct data. When it's updated I can see in Wireshark communication with the AD server that looks like successful verification of the account configured as the machine account.
I have explicit proxy VSs configured - they are working OK when Access Profile with Basic authentication is used.
When an Access Profile that should use NTLM is assigned to those VSs I have no luck in accessing any page. Looking at the HTTP communication on the client computer (user logged in to the domain) there are two 407 responses; the transaction looks like this:
first GET for external site
HTTP/1.1 407 Proxy Authentication Required
GET with NTLMSSP_CHALLENGE
HTTP/1.1 407 Proxy Authentication Required
GET with NTLMSSP_AUTH, User: TEST\user - it's the same as user logged into computer
I can't see any trace of a user session in Manage Sessions, and there are no entries in the Access Policy >> Event Logs >> Access System Logs All Session report (the logging profile has debug set for all categories in Access System Logs). I am not sure if the same messages are logged in /var/log/apm - nothing here as well.
In Wireshark on AD I can see the DCERPC request and response - but I don't know the NTLM protocol well enough to figure out if it's a success or not.
My Access Profile is set to:
Profile Type: SWG-Explicit
User Identification Method: tried both IP and Credentials
NTLM Auth Configuration: my configuration
Access Policy looks like on screen:
I tried one with HTTP 407 Response set to negotiate, and NTLM Auth Result attached to negotiate branch.
On the client side the HTTP exchange seems to be identical no matter what options I use.
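
To check which stage of the NTLM handshake a capture like the one above reached, the base64 tokens in the Proxy-Authenticate and Proxy-Authorization headers can be decoded offline. The following is an added example, not part of the original post and not F5 code; the function names are hypothetical and the sample token is constructed from the TEST\user account named in the post.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when this flag is set

def read_buffer(msg, pos):
    """Return the payload of the (len, maxlen, offset) field at pos."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def parse_ntlm_header(value):
    """Decode a Proxy-Authenticate / Proxy-Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not token.strip():
        return {"type": "OFFER"}  # bare "NTLM": proxy only advertises the scheme
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 12 or not msg.startswith(SIGNATURE):
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    out = {"type": TYPES.get(mtype, "UNKNOWN(%d)" % mtype)}
    if mtype == 2 and len(msg) >= 32:
        out["server_challenge"] = msg[24:32].hex()
    elif mtype == 3 and len(msg) >= 64:
        flags = struct.unpack_from("<I", msg, 60)[0]
        # Assumption: cp437 stands in for the client's OEM code page.
        enc = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
        out["domain"] = read_buffer(msg, 28).decode(enc)
        out["user"] = read_buffer(msg, 36).decode(enc)
    return out

def build_sample_type3(domain, user):
    """Constructed AUTHENTICATE message with empty responses (sample data)."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    empty = struct.pack("<HHI", 0, 0, 64)
    head = SIGNATURE + struct.pack("<I", 3) + empty + empty
    head += struct.pack("<HHI", len(d), len(d), 64)
    head += struct.pack("<HHI", len(u), len(u), 64 + len(d))
    head += empty + empty + struct.pack("<I", NEGOTIATE_UNICODE)
    return "NTLM " + base64.b64encode(head + d + u).decode()

if __name__ == "__main__":
    # Constructed sample using the TEST\user account named in the post.
    print(parse_ntlm_header("NTLM"))
    print(parse_ntlm_header(build_sample_type3("TEST", "user")))
```

Feeding it each header value from a client-side capture, in order, shows whether the sequence is offer, NEGOTIATE, CHALLENGE, AUTHENTICATE and which domain and user the client presented in the final message.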