iPad hangs after entering credentials when using NTLM authentication

iPad does respond to NTLM handshake.

iPad has issues with NTLM authentication.

To authenticate an iPad with your domain, we can set-up form based authentication.

Now, we do not know the user agent of the iPad until after authentication, therefore we cannot distingush what device is an iPad on your network (yet) , one thing we can do is set static IPs or assign them a range. We want to do this because we only want to set-up form-based authentication  for the iPads.

The form itself can be found and edited on the Proxy under Configuration-->Authentication-->Forms-->Authentication Forms-->authentication_form. Or you can create your own in the same area by clicking the New Button at the bottom

First Create a Web Authentication Layer

VPM-->Policy-->Web Authentication Layer.

For the Source:

Set the Source as the IPs or Range of IPs that were set for the iPads above. 

For the Destination:

Leave it set to Any.

For the Action, this is where we set our Form Based authentication:

Right Click None under Action

Click Set-->New--> Authenticate. This will bring up the Add Authenticate Object.

Set the name to a name of your choice

Select the Realm you wish to authenticate against.

For Mode select Form IP. 

For Authentication Form select authentication_form or the form you created.

For New Pin Form select new_pin_form

For Query Form select query_form

Click Ok and make sure the object you just created is selected and click Ok.

Then Install Policy.

On Your iPad, (make sure iPad is pointed towards proxy) open Safari and browse to an allowed site, i.e. google.com, the user will be presented with a form to enter in the domain/realm and their username and password. Once entered, they will be taken to the desired URL and they are now authenticated with your domain.