- Kerio WinRoute Firewall Administrator's Guide
23.3 Automatic user authentication using NTLM
365
<variable name="Name">LAN</variable>
...
</listitem>
9. Save the winroute.cfg file and run WinRoute Firewall Engine.
Now, the WinRoute configuration is identical with the original WinRoute configuration on
the prior operating system.
Note: The method described above includes a complete “clone” of WinRoute on a new
host. Some of the steps are optional — for example, if you do not wish to keep the
current statistics, do not copy the star subdirectory.
23.3 Automatic user authentication using NTLM
WinRoute supports automatic user authentication by the NTLM method (authentication
from Web browsers). Users once authenticated for the domain are not asked for user-
name and password.
This chapter provides detailed description on conditions and configuration settings for
correct functioning of NTLM.
General conditions
The following conditions are applied to this authentication method:
1. WinRoute Firewall Engine is running as a service or it is running under a user account
with administrator rights to the WinRoute host.
2. The server (i.e. the WinRoute host) belongs to a corresponding Windows NT or Ker-
beros 5 (Windows 2000/2003) domain.
3. Client host belongs to the domain.
4. User at the client host is required to authenticate to this domain (i.e. local user
accounts cannot be used for this purpose).
5. The NT domain / Kerberos 5 authentication method (see chapter 13.1) must be set
for the corresponding user account under WinRoute. NTLM cannot be used for au-
thentication in the internal database.