In this lab exercise, you will reconfigure authentication for seamless login of AD domain-joined client using NTLM.
Estimated completion time: 25 minutes
Objectives:
Lab Requirements:
F5DEMO\\user1
AgilityRocks!
Use Firefox to access the BIG-IP GUI (https://10.1.1.10, admin/admin)
Browse to Access ›› Authentication : NTLM : Machine Account
Click Create
Fill out the fields as follows:
agility-ntlm
bigip1
f5demo.com
f5demo-dc.f5demo.com
admin
AgilityRocks!
Click Join
Create a new NTLM Auth Configuration
Browse to Access ›› Authentication : NTLM : NTLM Auth Configuration
Click Create
Name: agility-ntlm
Machine Account Name: agility-ntlm
Domain controller FQDN: f5demo-dc.f5demo.com
Click Add
Click Finished
Under Configurations:
Modify User Identification Method to Credentials
Modify NTLM Auth Configuration to agility-ntlm
Add English to Accepted Languages
Accept all other default settings and click Finished
Click on the Edit… link for the appropriate Access Policy created above
On the VPE browser tab, select the + between Start and Deny and Add a NTLM Auth Result object (from the Authentication tab)
Click Save
On the Successful branch of the NTLM Auth Result Object, click on the Deny Ending and change it to Allow
Click Save
Click Apply Access Policy
Before testing, close all browser sessions and kill all session in the GUI under Access > Overview > Active Sessions