Hi,
At 17.51 10/05/2005, fryxar wrote:
>I'm still trying to force my users to be logged with their workstation
>into the Active Directory, if they want to use the Internet proxy, with
>a user/password/domain popup authentication window request disable from
>the proxy.
>
>As long as I understand, I have the following "truths":
>
> - A proxy can authenticate an Active Directory user by using
>Integrated Windows Authentication, so no user/password/domain is
>requested and windows logon credentials are used, and to do that it can
>use as authentication protocols NTLM or Kerberos. These protocols are
>used between the browser and the proxy.
>
> - MS ISA 2004 support both (/NTLM and Kerberos) authentication
>protocols
>
> - Squid support only NTLM authentication protocol
>
> - IE 6 support Kerberos authentication protocol, but it doesn't work
>if you are using a workstation with Win9x/Me/NT Operating System.
>
>So, because Squid only suppport NTLM authentication protocol, I can't
>disable from the proxy the popup authentication to the AD, neither
>disable it if I have in the net workstations with Win9x/Me/NT Operating
>System.
>
> I'm right? Thanks!
No, you are not right.
Using NTLM authentication schema you can authenticate your DOMAIN clients
(Win 9x, NT4, W2k, ...) logged with a DOMAIN user without any prompt using
Squid or ISA Server.
If you are logged with a LOCAL user account, you will be ALWAYS prompted
for username/password/domain with both Squid or ISA Server.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue May 10 2005 - 10:14:37 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:02 MDT