Secure Password Authentication (SPA) and (NTLM) does not work when MailEnable Integrated Authentication. (Auth against AD)
SYMPTOMS
When NTLM authentication is enabled for a service, for a postoffice which is using Windows authentication, clients configured with SPA (Secure Password Authentication) cannot authenticate.
CAUSE
When MailEnable services authenticate against Active Directory using Integrated Authentication a username and password supplied by the email client are required.
The problem when using NTLM with Integrated Authentication is that the email client and the MailEnable service negotiate a successful login using an NTLM handshake method and in this process a password is not sent across (a hash of the password is sent instead). Due to this MailEnable does not have a password to use when it tries to authenticate back to Active Directory.
SOLUTION
Clients must disable SPA in order to authenticate
against MailEnable when Integrated Authentication is
enabled.
| Product: | MailEnable |
| Category: | Other |
| Article: | ME020550 |
| Module: | SMTP |
| Keywords: | SPA,NTLM,ntlm,SSO,sso,spa,ad,active,directory,integrated,authentication |
| Class: | BUG: Product Defect/Bug |
| Revised: | Wednesday, May 4, 2016 |
| Author: | MailEnable |
| Publisher: | MailEnable |
- Mail Server
- Overview
- Features
- Comparisons
- Solutions
- Product Editions
- Feature Matrix
- Webmail Demo
- Video Gallery
- Migrate To MailEnable
- Testimonials