http://www.ISAserver.org ------------------------------------------------------- That's because your rules are anonymous. Sent to you from Black Hat Las Vegas via WM5-enabled PPC-phone -----Original Message----- From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx Sent: 8/7/06 18:57 Subject: [isalist] Re: NTLM proxy authentication with Linux http://www.ISAserver.org ------------------------------------------------------- not sure whether its single its the limitation of my single nic solution or not but that doesnt work. If i untick the "require all users.." button then any users in that group (ad users group) are allowed un authenticated access. Greg ----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: <isalist@xxxxxxxxxxxxx> Sent: Tuesday, August 08, 2006 11:31 AM Subject: [isalist] Re: NTLM proxy authentication with Linux http://www.ISAserver.org ------------------------------------------------------- Nope. You can have authentication without forcing it at the listener. It's called "user-based rules". ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland Sent: Monday, August 07, 2006 16:21 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: NTLM proxy authentication with Linux http://www.ISAserver.org ------------------------------------------------------- Then my authentication group which is a requirement becomes null and void as the authentication isnt checked. so that doesnt work for me Greg ----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: <isalist@xxxxxxxxxxxxx> Sent: Tuesday, August 08, 2006 1:11 AM Subject: [isalist] Re: NTLM proxy authentication with Linux http://www.ISAserver.org ------------------------------------------------------- Disable "require all users..." on the outbound web listener. If you can't, then you can't have anonymous traffic through it. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isas All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx