Use the information in this section to understand, create, and use NTLM authentication profiles.
IMPORTANT: NTLM authentication profiles can only be assigned to forward proxy services.
Excelerator supports pass-through NTLM authentication for Web servers that require NTLM authentication.
Figure 61 illustrates how NTLM authentication can be used to control access to a forward proxy service.
Figure 61
The following table summarizes the platforms supported for NTLM authentication:

Table 18.

| Network Component | Software Requirements |
|---|---|
| Workstation | |
| Cache Device | |
| Domain Controller | NT Domain database as specified in the profile |
Figure 62 summarizes the configuration requirements for NTLM authentication:
Figure 62
Complete the following steps:

1. Using an FTP client, access the Excelerator 2.3 device's default FTP directory (/etc/proxy/appliance/config/user) and retrieve the VOLAUTH.EXE file.
2. Copy VOLAUTH.EXE to the WINNT directory on each Domain Controller.
   The VOLAUTH.EXE file is also located on the Volera product Web pages on Novell.com.
3. Open a DOS session window and enter the following command:
   run volauth -install
4. Start the Excelerator Services on the Domain Controller by doing one of the following:
After you have completed the steps in Preparing Your Network for NTLM Authentication, you can set up an NTLM authentication profile by completing the following procedure.
1. In the browser-based management tool, click Cache > Authentication > Insert.
2. Type a name for the profile in the Authentication Profile Name field.
   IMPORTANT: Each profile name created on a cache device must be unique. Excelerator doesn't recognize case differences (MyProfile and myprofile are the same name to Excelerator) and it will overwrite and concatenate previously created profiles without warning if a duplicate name is used. For more information, see Authentication Dialog Box.
3. Check NTLM Authentication > click Options.
4. In the Addresses list, insert the IP addresses of the Domain Controllers to which users will authenticate, in the order you want the controllers accessed.
5. Click OK > OK.
6. Assign the profile to one or more proxy services as described in each service tab section in Using the Cache Panel.
7. Click Apply.
In Excelerator 2.3, NTLM authentication profiles now support multiple domains.
The username and groupname strings used by Excelerator always include the domain name followed by a backslash (\). Therefore, log file entries will contain the domain combined with the other names.
Access control rules that refer to NTLM authentication profiles must now contain the domain name followed by the username or groupname.
The procedure for creating profiles has not changed. Multiple domain support is handled by the trust relationships between domains.
To use NTLM multiple domain support, you will need to do the following:

1. On each Domain Controller used by an existing NTLM authentication profile, install the VOLAUTH.EXE file contained in the Excelerator 2.3 device's default FTP directory (/etc/proxy/appliance/config/user).
2. Use the VOLAUTH.EXE file when configuring additional Domain Controllers for NTLM authentication profiles.
3. Establish trust relationships between the domain referenced in a profile and any other domains being used for authentication.
4. If you have previously created access controls that refer to NTLM-based authentication profiles, edit the controls and insert a domain name and backslash (\) before any usernames or groupnames included in the controls.
5. Include the domain name and backslash (\) with all usernames and groupnames included in new access controls you create.
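As an added example (not Excelerator's own code or configuration), the following Python helper checks access control entries for the DOMAIN\ prefix that 2.3 now requires, adds it where missing, and flags profile names that differ only by case, which Excelerator treats as the same name. The rule entries and profile names are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample access control entries (usernames and groupnames) that
# reference NTLM-based profiles. Two legacy entries lack the DOMAIN\ prefix.
SAMPLE_RULES = [
    "CORP\\jsmith",
    "CORP\\Finance",
    "bwilliams",          # legacy username, missing DOMAIN\ prefix
    "SALES\\region-west",
    "Engineering",        # legacy groupname, missing DOMAIN\ prefix
]

# Constructed profile names as they might be typed into the Insert dialog.
SAMPLE_PROFILES = ["NTLM-Corp", "ntlm-corp", "NTLM-Sales", "NTLM-SALES", "Guest"]

# Excelerator emits every NTLM username/groupname as DOMAIN\name.
PRINCIPAL_RE = re.compile(r"^(?P<domain>[^\\]+)\\(?P<name>.+)$")


def split_principal(entry):
    """Return (domain, name) for a DOMAIN\\name string, or (None, entry) if unqualified."""
    m = PRINCIPAL_RE.match(entry)
    if not m:
        return None, entry
    return m.group("domain"), m.group("name")


def unqualified_principals(rules):
    """Entries lacking the domain prefix; these no longer match the DOMAIN\\name strings."""
    return [r for r in rules if split_principal(r)[0] is None]


def qualify(entry, default_domain):
    """Insert the given domain and backslash before an unqualified username or groupname."""
    domain, name = split_principal(entry)
    return entry if domain else f"{default_domain}\\{name}"


def colliding_profile_names(names):
    """Group profile names that differ only by case; Excelerator treats them as one name."""
    groups = defaultdict(list)
    for n in names:
        groups[n.lower()].append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for entry in unqualified_principals(SAMPLE_RULES):
        print(f"needs domain prefix: {entry!r} -> {qualify(entry, 'CORP')!r}")
    for key, dupes in colliding_profile_names(SAMPLE_PROFILES).items():
        print(f"profile names collide (case-insensitive): {dupes}")
```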