When using Chrome on Windows to access Share, if the command-line switch is not present, the permitted list consists of those servers in the Local Machine or Local Intranet security zone. This is the behavior in Internet Explorer. For example, when the host in the URL includes a “.” character, it is outside the Local Intranet security zone. Treating servers that bypass proxies as being in the Intranet zone is currently not supported.
On Windows, HTTP authentication is achieved by adding the Kerberos delegation server allowlist policy, AuthNegotiateDelegateAllowlist. Note that the AuthNegotiateDelegateAllowlist policy:
- Specifies the servers that Chrome may delegate to
- Has a Windows registry location of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AuthNegotiateDelegateAllowlist
- Has separate multiple server names with commas
- Allows wildcards (*)
- If you do not set this policy, Chrome does not delegate user credentials, even if a server is detected as Intranet
To set the AuthNegotiateDelegateAllowlist policy, follow these steps:
When using Chrome on Linux as your client, follow these steps: