Removing NTLM vs Fortigate Auth
Hi, I'm looking to turn off NTLM in our domain as a general security improvement. I suspect this will affect our current Fortigate client auth setup though. I'm wondering whether it's possible to reconfigure the Fortigate setup to not rely on NTLM at all, or to rely on NTLM v2 only.
We are a secondary school with a 600C on v5.6.8 at the edge of a Windows domain and a separate Wi-Fi BYOD VLAN.
The Windows domain has 2 DCs and about 300 Windows 7 & 10 clients. One of the DCs runs the FSSO collector agent in polling mode.
The Wi-Fi VLAN clients use Fortigate RADIUS back to Windows NPS running on the 2nd DC. It seems this relies on passthrough NTLM? I'm guessing NTLM is used here because not all clients will be capable of Kerberos?