RE: Prompted for User Credentials on Firewall Client
- From: Paul Berg <frogman1370@xxxxxxxxx>
- To: "\[ISAserver.org Discussion List\]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 30 Jan 2003 07:43:56 -0800 (PST)
Tom,
What a bummer, I was hoping you were NOT going to give that solution ;). Is
there someway to enforce Site and Content Rules if you are configuring the HTTP
redirect filter to go directly to the web site? I'm assuming no, but I wanted
to ask anyway. If this is the cause it looks like they are going to have to
live with manual authentication to prevent users from bypassing the SuperScout
Web Filter product.
Thanks,
Paul
Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote:http://www.ISAserver.org
Hi Paul, If you want to bypass the Web Proxy service, don't configure the HTTP
Redirector to reject the requests, configure it to pass the requests to the
Internet server. I don't use Yahoo or other chat programs, but I believe the
issue is authenticating with the Web Proxy service and the remote Web site. The
key is to bypass the Web Proxy service by configuring those sites for Direct
Access. As for WebTrends, I let their Tech support figure that one out :-)
HTH,Tom Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp -----Original Message-----
From: Paul Berg [mailto:frogman1370@xxxxxxxxx]
Sent: Wednesday, January 29, 2003 9:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Prompted for User Credentials on Firewall Client
http://www.ISAserver.org
Tom,
You're absolutly correct on the Web Proxy asking for authentication. I have
now changed the HTTP Redirector to Reject HTTP requests from Firewall and
SecureNAT clients and still I am prompted to authenticate at some point from
the said applications.
The strange thing is that when authentication is prompted for Yahoo Messenger,
it doesn't matter if you authenticate or cancel out from the authentication
menu. Yahoo Messenger still keeps it's functionality. I have it configured to
use No Proxies for the Connection configuration - shouldn't this bypass the Web
Proxy service? For Real Player it needs the authentication or you lose the
functionality on the streaming video. Is there something that I'm missing in
the configuration?
I do have SuperScout installed on the ISA box that has the SuperScout Dummy
Rule in the Site and Content Rules. However, I also have the Allow Rule for
any request rule in there as well. Removing SuperScout from the picture hasn't
given any progress on the authentication problem. Please let me know if you
have any ideas for direction of where I should look.
Thank you for your time,
Paul
Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org
Hi Paul, The firewall service won't ever ask for manual authentication. The
credentials are sent in the background. Its the Web Proxy service that's asking
your for credentials. Check the Web Proxy and Firewall logs to confirm this.
You'll need to bypass the Web Proxy service for these app's. You can configure
the sites for Direct Access, or disable the HTTP Redirector filter.
HTH,Tomwww.isaserver.org/shinder -----Original Message-----
From: Paul Berg [mailto:frogman1370@xxxxxxxxx]
Sent: Monday, January 27, 2003 2:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Prompted for User Credentials on Firewall Client
http://www.ISAserver.org
Can anyone point me in the right direction on an article or give an explanation
on the process of stopping manual authentication through the firewall client?
I am testing on applications of Yahoo Messenger and Real One Player which ask
for authentications repeatedly (but the applications work). The ISA server is
using the HTTP redirect filter to the Web Proxy Service. I have tried messing
around with the Application Settings (Found in the Firewall Properties) and
added the "ForceCreditials" for the application "realplay", "realplayer", and
"raplay" set to 0. All efforts have been without success.
I'm just looking for a reason of why this happens or a process when the
firewall session should know the user - or should it? For some reason, my
user's find this "inconvenient" in doing their work - go figure. My
environment is NT domain if that helps.
Any help would be much appreciated,
Paul
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server Resource
Site: http://www.msexchange.org/ Windows Security Resource Site:
http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com ------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
frogman1370@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server Resource
Site: http://www.msexchange.org/ Windows Security Resource Site:
http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com ------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
frogman1370@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Other related posts: