Enabling NTLM authentication for local users on Mac OS X
The DeviceLock Service for Mac employs NTLM authentication and encryption in order to secure network communications with other DeviceLock components. If the Mac computer is integrated in Active Directory authentication with a domain account, it will just work. However, NTLM authentication with local users is normally disabled. In order to manage a standalone Mac with DeviceLock management consoles, NTLM authentication MUST be enabled for the local user.
There are two ways to enable NTLM for a local user on Mac:
1. The user-friendly way. This method works for Mac OS X 10.7 and later. See below for the 10.6 method.
a) Navigate to Sharing pane in System Preferences, and select File Sharing.
b) Click Options.
The dialog box that appears provides a list of local users. Selecting the Share files and folder using SMB check box turns on the support for NTLM authentication for each user selected in that list.
Note: The support for NTLM authentication is enabled on a per-user basis. |
2. The alternate way. This method works for Mac OS X 10.6, 10.7 and later.
a) Install Server Admin Tools:
b) Launch Workgroup Manager from Server Admin Tools. The authentication dialog will pop up. Specify the name of a computer to connect to and provide an administrator’s credentials.
c) After successful authentication, the main window appears. Select a user from the list to the left.
d) Open the Advanced tab.
e) Click the Security button.
f) In the dialog box that appears, select the NTLMv1 and NTLMv2 check box, and apply changes. Then, change the password of the user for which you have enabled the NTLM authentication.
Note: •NTLM authentication will not be available until the user password is changed. This is the inherent limitation of the secure password database of Mac OS X. The new password is not required to be different from the old one. •The support for NTLM authentication is enabled on a per-user basis. |
