NTLM (NT LAN Manager) is an authentication type used on Windows for authentication against an Active Directory (or NT) domain.
First, the following conditions must be met:
NTLM authentication can be used only in case users are authenticated against an Active Directory domain. It is applicable only to the user accounts that were imported from Active Directory (see chapters 10 Mapping users from directory services and 8.9 Import Users).
In order for the NTLM authentication to be functional, both computers as well as user accounts have to belong to the domains used for authentication.
To make NTLM relevant it is necessary that users use clients with support for NTLM (SPA) authentication (e.g. MS Outlook).
NTLM authentication in Kerio MailServer must be set correctly, as follows:
In the administration console, go to Domains ( ). Open the dialog with domain settings details and switch to the Advanced tab (see figure 28.1 Setting Windows NT domain name). Use the Windows NT Domain entry to specify NT domain name (the name usually matches the Active Directory domain name without the first level domain — NET, COM, etc.).
In the administration console, go to Allow NTLM authentication for users with Kerberos authentication (for Active Directory users) option on the Security Policy tab. Enable this option to allow Active Directory domain users to authenticate at Kerio MailServer upon their logon.
and enable theIn the administration console, open the Windows NT Domain option for user authentication. These parameters can be set on the General tab (see figure 28.3 User authentication settings).
section and set the