Barracuda Web Security Gateway

How Can I Configure Mixed LDAP and NTLM or Kerberos Authentication (Hybrid Mode) on My Barracuda Web Filter?

  • Type: Knowledgebase
  • Date changed: 4 years ago
Solution #00007048 

Scope:

All Barracuda Web Filters, All Firmware Versions.

ANSWER:

If your Web Filter is using both LDAP authentication and NTLM or Kerberos authentication, this is called a Hybrid deployment. If you are deployed inline and using NTLM/Kerberos for authentication of some proxied traffic, you may need to configure this on older firmware versions (6.0 and below); see the 6.0 instructions below. On newer firmware versions, this functionality is configured by default.

However, if you are deployed as a forward proxy (that is, your LDAP traffic is being proxied to the Web Filter on one port, and your NTLM/Kerberos traffic is being proxied to the Web Filter on a different port), the configuration gets a little more complicated.

For both deployments, refer to the chart below to determine what to do:

INLINE

6.0 and below: On the Users/Groups > Configuration page, enable Hybrid Mode and set the proxy port to the port you are going to proxy your traffic on. Default is 3128. Transparent (inline) traffic

7.0 and above: This is configured by default. Normal traffic will receive LDAP authentication. Any traffic that comes in on your proxy port (set on the Advanced > Proxy page) will receive NTLM/Kerberos authentication.

FORWARD PROXY

6.0 and below: On the Users/Groups > Configuration page, enable Hybrid Mode and set the proxy port to the port you are going to proxy your traffic on. Default is 3128.

7.0 to 8.0: Contact technical support. This must be configured via the command line.

8.1 and above: On the Advanced > Proxy page, set Enable Port Auth Exemption to yes. This will authenticate any traffic proxied on port 8080 with LDAP authentication. Any traffic proxied on the proxy port (configurable on the same page, default 3128) will receive NTLM/Kerberos authentication.


Link To This Page:

https://campus.barracuda.com/solution/501600000014E2aAAE