Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Auto-logon through NTLM
  •  
mirovo

Messages: 23

Karma: 0
Send a private message to this user
Hello,
now I`m trying to figure out NTLM auto-logon on KWF, while loading user porfile on Windows. I need it to be silent, so launching IE or firefox, after logon is finished, is not possible... I try curl with NTLM support but to no end.

Any idea? Thx.

[Updated on: Fri, 07 September 2007 15:07]

  •  
uniquegodwin

Messages: 13
Karma: 0
Send a private message to this user
Hi,
Did you get the solution???
  •  
subnet

Messages: 133
Karma: 0
Send a private message to this user
Also looking for an solution. Because we use Koc Offline Connector and Authentication through http is required prior opening microsoft outlook. Sometime users don't want to open there internet explorer before starting outlook...

Regards,

Cliff
  •  
soukupl

Messages: 70
Karma: 0
Send a private message to this user
You can try somethink like this...

kwf_logon.vbs
Dim oIE
Set oIE = CreateObject("InternetExplorer.Application")
oIE.Visible = False
oIE.Fullscreen = False
oIE.Toolbar = True
oIE.Statusbar = True
oIE.Navigate("http://www.google.com/")
WScript.Sleep(30000)
oIE.quit


and run it using this command:
cscript \\-PATH-TO-SCRIPT-\kwf_logon.vbs



We are not using this... but it should work. The VBS script will open MSIE instance and point it to google.com. After 30 seconds, MSIE instance will be closed.
NTLM have to work correctly in MSIE.

[Updated on: Thu, 14 May 2009 17:02]


Ladislav Soukup
  •  
uniquegodwin

Messages: 13
Karma: 0
Send a private message to this user
How do I disable Winroute web based authentication when NTLM fails?

Thanks
  •  
mwalky

Messages: 13
Karma: 0
Send a private message to this user
Script
Quote:

Dim oIE
Set oIE = CreateObject("InternetExplorer.Application")
oIE.Visible = False
oIE.Fullscreen = False
oIE.Toolbar = True
oIE.Statusbar = True
oIE.Navigate("http://www.google.com/")
WScript.Sleep(30000)
oIE.quit

seems not working in Internet Explorer 8. Error like this returned:
Quote:

---------------------------
Windows Script Host
---------------------------
Script: C:\kwf_logon.vbs
Line: 9
Char: 1
Error: The object invoked has disconnected from its clients.
Code: 80010108

I think, because IE8 spawns some instances of itself when started and original process could not be closed. So, it would be merciful to all users, if Kerio stuff develops such utility that authorizes users automatically using their Windows credentials.
  •  
bruggles

Messages: 125
Karma: 1
Send a private message to this user
Kerio,

YES PLEASE ADD automatically use Windows Credentials to authorize silently!!
  •  
uniquegodwin

Messages: 13
Karma: 0
Send a private message to this user
I don't think Kerio guys are even interested in doing that.

[Updated on: Mon, 01 June 2009 12:11] by Moderator

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
NTLM is single-sign-on. It is using Windows credentials and secure framework. Internet browsers can use either NTLM or Negotiate authentication methods. Both are equivalent from user point of view. There is also an option to use proxy server which can handle authorization without a redirect to KWF web interface.

Can you explain why do you need to logout the users? Are they share the same computer or are they using some terminal server?

If you demand an ability to write some kind of external plug-in for KWF and the product does not support that I think it is fair to recommend another solution which will satisfy your needs much better.

  •  
uniquegodwin

Messages: 13
Karma: 0
Send a private message to this user
Writing an external plugin was just an option from my side if Kerio is unable to provide support for SSO. (Just imagine,I'm ready to go to THAT EXTENT as a customer)

I basically don't want the login screen to be displayed if NTLM fails.

I cannot use proxy since many HTTP based applications don't have an option to configure proxy. Plus...I wonder if proxy can help me achieve automatic authentication and not prompt for username and password if authentication fails?



Users are not using terminal server. They use client XP computers that are joined to the domain.

Managing based on IP address/Mac address is not an option for us since it's more work to manage many computers.

[Updated on: Sun, 31 May 2009 16:35]

  •  
Dobermann

Messages: 4
Karma: 0
Send a private message to this user
Autologin with NTLM and logon scripts should work fine.
Why NTLM should fails? Smile Anyway... you can disable logon screen if authentification fails...
  •  
Higor

Messages: 24
Karma: 0
Send a private message to this user
Guys, we created an article available at http://kb.kerio.com/article.php?id=917

Thanks for your collaboration.
Previous Topic: Thank you: Rule comments back
Next Topic: why NTLM Authentication is failed?!
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 13:44:22 CEST 2017

Total time taken to generate the page: 0.00523 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.