Secure One Services Group

Expand all | Collapse all

ProxySG | BCAAA 6.1 can support NTLM v1 and v2 ?

Jump to Best Answer
  • 1.  ProxySG | BCAAA 6.1 can support NTLM v1 and v2 ?

    Posted 05-08-2019 12:43 AM

    Dear All

      My customer would like to confirm information before implement BCAAA for support SSO

    They would like to know about BCAAA 6.1 can support NTLM both version 1 and 2

    they would like KB and document for reference. please recommend.

    Thank you so much for your help.

     

    Best Regards,

    Chakuttha R.



  • 2.  RE: ProxySG | BCAAA 6.1 can support NTLM v1 and v2 ?
    Best Answer

    Broadcom Employee
    Posted 05-08-2019 12:54 AM

    Hi Chakuttha,

     

                    I didn't find an article explicitly stating that BCAAA support both but we do. We are acting as middle man in this authentication between client and AD. I did find a related artcile which indirectly says that we support both versions Ref: https://support.symantec.com/en_US/article.TECH248373.html

     

    I will search more and let you know if I find it.



  • 3.  RE: ProxySG | BCAAA 6.1 can support NTLM v1 and v2 ?

    Posted 05-08-2019 01:16 AM

    Dear Aravind,

      Thank you for confirm.  i have inform to customer before but they would like reference i cannot found too.



  • 4.  RE: ProxySG | BCAAA 6.1 can support NTLM v1 and v2 ?

    Posted 05-08-2019 01:41 PM

    As a general note, NTLMv2 is an old protocol and NTLMv1 is from the stone age. So when refering to "NTLM" you usually implicitly mean NTLMv2. I'm not quite sure what your customer has in mind when he asks about NTLMv1 support. I hope he doesn't run devices that require NTLMv1...

    If you need to actually show some official statement to the customer you can open a support case and ask the question.

    Or start a packet capture, open a website that requires authentication with a realm that has only NTLM enabled and show the customer that indeed NTLMv2 is used.

    What BCAAA supports depends on the configuration of the Windows server it is running on and setup of the AD domain. If NTLMv1 is disabled there (which is recommended) then of course BCAAA cannot support that.