Press "Enter" to skip to content

allowing windows 7 / IE 9 NTLM client authentication to CAS-JASIG servers

I have just spent two hours trying to get a Win7 machine with IE 9 to connect to the intranet, which uses CAS-JASIG with NTLM as single sign on service (only inside the company private network)

if you’re stuck in the same problem, do this:

of course… (this is imperative)

– in IE / Settings / Advanced settings, activate Integrated Windows Authentication
– in IE / Settings / Security, add the intranet URL to the trusted sites

but here comes the tricky part:

you will need to change your registry to force Win7 to allow authentication with old-fashioned NTLM servers 🙂 (do this at your own risk, this change solved my problem, but it could make your computer go nuts and destroy the human race)

using an editor (like NOTEPAD) make a .reg file with the following lines:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
«SuppressExtendedProtection»=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
«LmCompatibilityLevel»=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
«NtlmMinClientSec»=dword:00000000
«NtlmMinServerSec»=dword:00000000

Hope it helps. Maybe this will save you hours of headache reading Microsoft Knowledge Base. 🙂

Be First to Comment

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.