Avaya Support Forums

Avaya Support Forums (http://support.avaya.com/forums/index.php)
-   Avaya Networking Products (http://support.avaya.com/forums/forumdisplay.php?f=25)
-   -   Avaya Identity Services Ignition Server (http://support.avaya.com/forums/showthread.php?t=3432)

brannenj 05-31-2013 06:25 AM

Avaya Identity Services Ignition Server
 
Just curious if anyone has found a way to successfully implement this product in a Windows 2008 native mode Active Directory? (Ignition Server 8.01)

Apparently setting the functional level (of Active Directory) to native mode requires a domain policy that increases the security level of NTLM communications with Domain Controllers to NTLMv2 responses only. From what we have been informed, the ignition server does not support NTLMv2, therefore all MSCHAPv2 authentications fail thus rendering the ignition server basically useless in our Windows domain.

Any help or suggestions would be greatly appreciated (other than lowering our domain security policy- please).

Thanks.

rshaynes 01-28-2014 03:29 PM

2008/2012 Active Directory LAN Manager Authentication Levels
 
Delayed reply.

IDE 8.x requires NTLMv1 (NTLM) to be allowed. A setting of "NTLMv2 response only" should not interfere with MSCHAPv2 authentication. Only a setting of "NTLMv2 response only, restrict LM/NTLM" (the highest setting) should impact MSCHAPv2 functionality.

If NTLMv1 auditing is enabled and Inbound NTLMv1 is denied then adding the IDE servers to the NTLM exceptions list will allow for connectivity.

Currently IDE 9.0 is being tested against Windows Server 2012 so I expect, but can not comment if it is committed, that support for native NTLMv2 is likely.


All times are GMT -7. The time now is 08:03 AM.