Domain Controller Setup on Windows for NTLM

A Windows 2003 SP 1 server running Active Directory is the primary domain controller for the Windows domain. This host stores the user accounts, service accounts, and credentials, and provides the Windows domain services.

The Federation Manager Windows Agent generates an NTLM response message to the NTLM challenge message sent by the relying party. The server at the relying party passes both the challenge and the response to the domain controller. The response is the challenge encrypted with the hash of the user's password; the password itself is never transmitted. The domain controller encrypts the challenge with the same password hash that it stores for the user and compares the result with the response generated at the asserting party. If the two match, authentication is complete and the domain controller informs the server at the relying party.
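The pass-through check described above, written out as an added example that is not part of the original documentation or of Federation Manager: the agent derives the NT hash locally, computes a response over the challenge under that hash, and the domain controller recomputes the response from the hash it stores and compares. The text describes the response as the challenge encrypted under the password hash; the NTLMv2 form from MS-NLMP used here keys an HMAC-MD5 with that hash instead. The user, domain, password, challenge and client blob values are constructed.

```python
import hmac, struct
from hashlib import md5

M = 0xFFFFFFFF
def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320), inlined because hashlib.new('md4') needs OpenSSL's legacy provider."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rol = lambda v, s: (((v & M) << s) | ((v & M) >> (32 - s))) & M
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):  # three rounds of 16 steps; each step rotates the register roles
            if i < 16:
                f, k, s, add = F, i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:
                f, k, s, add = G, (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:
                f, k, s, add = H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a, b, c, d = d, rol(a + f(b, c, d) + X[k] + add, s), b, c
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)): what the DC stores, so the plaintext never leaves the client."""
    return md4(password.encode("utf-16-le"))

def ntlmv2_response(nt: bytes, user: str, domain: str, challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr per MS-NLMP: HMAC-MD5 keyed by NTOWFv2 over the 8-byte server challenge and the client blob."""
    ntowf_v2 = hmac.new(nt, (user.upper() + domain).encode("utf-16-le"), md5).digest()
    return hmac.new(ntowf_v2, challenge + blob, md5).digest()

def dc_verify(stored_nt: bytes, user: str, domain: str, challenge: bytes, blob: bytes, response: bytes) -> bool:
    """Domain controller side: recompute from the stored hash and compare in constant time."""
    expected = ntlmv2_response(stored_nt, user, domain, challenge, blob)
    return hmac.compare_digest(expected, response)

# Constructed sample values; nothing here comes from a real deployment.
USER, DOMAIN, PASSWORD = "jdoe", "EXAMPLE", "password"
CHALLENGE = bytes.fromhex("0123456789abcdef")  # 8-byte challenge issued by the relying party
BLOB = bytes.fromhex("0101000000000000") + b"\x00" * 8 + bytes.fromhex("aabbccddeeff0011") + b"\x00" * 4

def pass_through(password_typed: str) -> bool:
    """Agent computes the response; relying party forwards challenge + response; DC checks against its stored hash."""
    response = ntlmv2_response(nt_hash(password_typed), USER, DOMAIN, CHALLENGE, BLOB)
    return dc_verify(nt_hash(PASSWORD), USER, DOMAIN, CHALLENGE, BLOB, response)
```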

To deploy a domain controller when using NTLM

  1. Promote Windows 2003 SP 1 Server to a domain controller using the Windows dcpromo utility.
  2. Open the Active Directory Users and Computers dialog from Administrative Tools.
  3. Select Create a User Account.
  4. Enter a password for the new account.
  5. Clear the option User Must Change Password at Next Logon.

The domain controller is deployed for NTLM.