Tue 2009-11-03 at 19:44 +0000, Markus Moeller wrote:
> But how would that work if the guest uses his own machine e.g. Kerberos (no
> ticket available) nor NTLM (no shared machine key available) can be used or
> ? and ISA (or squid) sends Negotiate as the first auth option ?

NTLM works without shared machine key by manual entry of login+password+domain when needed in the browser session. Only the proxy needs a machine key to verify the login (not verified by browser).

Negotiate also works as long as the client station can talk to the KDC and request a ticket, on the same premises. Maybe the ticket is even issued via the proxy in such case (not entirely sure).

Neither NTLM nor Negotiate strictly requires the user to be logged on to the domain, it just won't be automatic if he is not.

Regards
Henrik