Implementing NTLM Authentication for UNIX
In Studio, you can configure NTLM authentication to control access to a WSDL, REST, SOAP, or OData data service. Configuring NTLM authentication on a UNIX host requires the steps in this section.
Note: Have your IT group review the settings for your UNIX configuration files.
To implement NTLM authentication for UNIX
1. Make sure Samba is installed.
2. Make sure Winbind is installed.
3. Locate and edit the ../etc/samba/smb.conf file to include the following:
[global]
   # Comments are on their own lines: Samba reads text after a value as part of the value.
   # Domain or workgroup name
   workgroup = SUPPORT
   server string = NTLM Test Machine
   # Range big enough for all domain users
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   winbind separator = +
   # Machine name to report to the Windows network
   netbios name = qa-ntlm
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   local master = no
   domain master = no
   preferred master = no
   # Address of the WINS server
   wins server = 10.1.1.3
   dns proxy = no
   # Make the Samba machine a member of the Windows domain
   security = domain
   # Name of the domain controller
   password server = qaad.support.net
 
4. Locate ../etc/nsswitch.conf and edit it as follows:
passwd:     files winbind
shadow:     files
group:      files winbind
 
5. Test the configuration using the following command:
$ testparm
 
6. Start nmbd, smbd and winbindd services.
7. Join the machine to the domain:
$ net rpc join -Uroot%<password>
 
8. Test the configuration using a command like the following, replacing the --authenticate value with your user name and password:
$ wbinfo --authenticate=<your user>%<your password>
 
9. Configure an LDAP domain.
a. Open Manager in your Web browser.
b. Choose SECURITY > Domain Management to open the DOMAIN MANAGEMENT page.
c. Add a new LDAP domain that specifies an LDAP domain and password.
d. Add the groups and users who need to consume resources using NTLM authentication to the new LDAP domain.
For more information about configuring an LDAP domain, see LDAP Domain Administration.
10. Using Studio, set the NTLM authentication configuration parameters:
a. Choose Administration > Configuration to access the Configuration window.
b. Expand the TDV Server > Configuration > Security > Authentication configuration parameters.
c. Change parameters as shown in the table.
| Parameter | Description of Change to Make |
| --- | --- |
| Allow NTLM Authentication | Change this value to True. |
| NTLM External Domain | Enter the name of the LDAP domain you configured. This name is only required for UNIX hosts. |
11. Verify the Web service by following the steps for the type of Web or Data service:
Verifying NTLM for a Web Service
Verifying NTLM for an OData Data Service
12. Verify the NTLM configuration with these steps:
a. Introspect the REST, SOAP, or WSDL data source.
b. Open the Web Service Operation and run it.
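
A pre-flight check for the files edited in steps 3 and 4, as an added example that is not part of the product documentation; the function name `check_ntlm_files` is hypothetical. It flags `#` text after a value in smb.conf, which Samba reads as part of the value because only lines that begin with `#` or `;` are comments, and confirms that `passwd` and `group` in nsswitch.conf list winbind.

```shell
#!/bin/sh
# Added example: static checks for the files edited in steps 3 and 4.
# check_ntlm_files is a hypothetical helper, not part of TDV or Samba.

# check_ntlm_files SMB_CONF NSSWITCH_CONF
# Prints one line per problem and returns 0 only when none is found.
check_ntlm_files() {
    smb=$1 nss=$2 rc=0

    # Samba treats only lines that START with '#' or ';' as comments, so
    # "key = value  # note" makes the note part of the value.
    # grep -n prints each offending line with its line number.
    if grep -nE '^[[:space:]]*[^#;[:space:]][^=]*=.*[[:space:]]#' "$smb"; then
        echo "smb.conf: trailing '#' text above is read as part of the value"
        rc=1
    fi

    # Step 3 sets domain-member mode; require it as a clean value.
    if ! grep -qiE '^[[:space:]]*security[[:space:]]*=[[:space:]]*domain[[:space:]]*$' "$smb"; then
        echo "smb.conf: 'security = domain' not found as a clean setting"
        rc=1
    fi

    # Step 4: passwd and group lookups must consult winbind.
    for db in passwd group; do
        if ! grep -qE "^${db}:.*[[:space:]]winbind([[:space:]]|\$)" "$nss"; then
            echo "nsswitch.conf: '$db' does not list winbind"
            rc=1
        fi
    done
    return $rc
}

# Usage: pass the smb.conf and nsswitch.conf files you edited.
if [ $# -eq 2 ]; then check_ntlm_files "$1" "$2"; fi
```

Run it before `testparm` in step 5, which checks the file for internal correctness but still loads a trailing note as part of the value.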