Thread: NTLMv2
2006-05-03
RayPesek
Re: NTLMv2

Are you by any chance trying to use multiple Windows domains? Here's what I had:

Windows IAS server was in domain "A"

User was in domain "B" and file share was in domain "B" with a two-way trust to "A"

For granularity, I created the user in Connectra as "B\user" with RADIUS to the IAS server.

Virtually everything worked except for file shares. It gave me an unknown user message. A packet capture showed the authentication traffic was being passed to the file share as "A\B\user"

The only fix was to leave the file share field "Windows default domain" blank AND configure the share to prompt for credentials rather than passing the portal credentials.

Check Point came up with this workaround. They said I should have set up the user as "generic*" and used RADIUS groups to handle the access rules, but they also said we lose granularity with that solution, which is why we didn't do it.

Ray