Hi,
At 17.51 10/05/2005, fryxar wrote:
> I'm still trying to force my users to be logged with their workstation into the Active Directory, if they want to use the Internet proxy, with the user/password/domain popup authentication window request disabled from the proxy.
> As far as I understand, I have the following "truths":
> - A proxy can authenticate an Active Directory user by using Integrated Windows Authentication, so no user/password/domain is requested and Windows logon credentials are used, and to do that it can use NTLM or Kerberos as authentication protocols. These protocols are used between the browser and the proxy.
> - MS ISA 2004 supports both (NTLM and Kerberos) authentication protocols
> - Squid supports only the NTLM authentication protocol
> - IE 6 supports the Kerberos authentication protocol, but it doesn't work if you are using a workstation with a Win9x/Me/NT operating system.
> So, because Squid only supports the NTLM authentication protocol, I can't disable the popup authentication to the AD from the proxy, nor disable it if I have workstations with a Win9x/Me/NT operating system in the net.
> Am I right? Thanks!

No, you are not right.
Using the NTLM authentication scheme you can authenticate your DOMAIN clients (Win 9x, NT4, W2k, ...) logged on with a DOMAIN user without any prompt, using Squid or ISA Server.
If you are logged on with a LOCAL user account, you will ALWAYS be prompted for username/password/domain with both Squid and ISA Server.
Regards
Guido
--
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/
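
An added example, not part of the original messages: a small Python parser for the `Proxy-Authorization: NTLM ...` value a browser sends, showing which domain, user and workstation the client claims, which is where a domain logon differs from a local account. The function names, the `CORP`/`PC01` values and the sample builder are assumptions made for illustration, and the parser assumes a Type 3 message that includes the flags field.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set, OEM otherwise


def _field(msg, pos, unicode_strings):
    """Decode one security buffer: 16-bit length, 16-bit max length, 32-bit offset."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length].decode("utf-16-le" if unicode_strings else "cp437")


def parse_proxy_authorization(value):
    """Return the NTLM message type and, for Type 3, the identity the client claims."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Proxy-Authorization value")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 12 or not msg.startswith(NTLMSSP_SIG):
        raise ValueError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != 3:
        return {"type": msg_type}  # Type 1 (negotiate) carries no user name
    if len(msg) < 64:
        raise ValueError("Type 3 message without the flags field is not handled here")
    uni = bool(struct.unpack_from("<I", msg, 60)[0] & NEGOTIATE_UNICODE)
    return {"type": 3, "domain": _field(msg, 28, uni),
            "user": _field(msg, 36, uni), "workstation": _field(msg, 44, uni)}


def is_domain_account(info, ad_domain):
    """True when the claimed domain is the expected AD domain (hypothetical policy check).
    These fields are client-supplied; the proxy's NTLM helper still validates the response."""
    return info.get("type") == 3 and info["domain"].upper() == ad_domain.upper()


def build_sample_type3(domain, user, workstation):
    """Constructed sample input: empty LM/NT responses and session key, Unicode strings."""
    parts = [b"", b""] + [s.encode("utf-16-le") for s in (domain, user, workstation)] + [b""]
    header, payload, offset = NTLMSSP_SIG + struct.pack("<I", 3), b"", 64
    for part in parts:
        header += struct.pack("<HHI", len(part), len(part), offset)
        payload += part
        offset += len(part)
    msg = header + struct.pack("<I", NEGOTIATE_UNICODE) + payload
    return "NTLM " + base64.b64encode(msg).decode("ascii")
```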