RE: IE - Authentication prompt once
- From: "Bob Garrison" <bgarrison@xxxxxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 17 Sep 2002 07:12:02 -0500
Mark, How do I eliminate "anonymous" from my "web sessions". Have a W2k
domain and an using the firewall client, on the firewall session I see
username and Client fine but cant figure out the web session. Any help here
appreciated. Thanks
Bob Garrison
Jefferson County Library
Central Services
3021 High Ridge Blvd.
High Ridge, MO 63049
636-677-8689
email: bgarrison@xxxxxxxxxxxxxxxxxxxxxxx
<mailto:bgarrison@xxxxxxxxxxxxxxxxxxxxxxx>
"It all comes down to a check box"
-----Original Message-----
From: Mark [mailto:marcoswelker@xxxxxxxxxxx]
Sent: Monday, September 16, 2002 3:15 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] IE - Authentication prompt once
http://www.ISAserver.org
Hi Guys,
I´m dealing with an organization with 90.000 workstations and ISA Server
will be the proxy solution.
I´ve had some problems concerning MSN, ICQ etc... but it´s now solved (for
more info, see att. at the end of the message).
Users can access all sites and use all protocols (no problem with that).
Problem:
Users are being asked for authorization The first time the use IE. After
this first login their credentials are stored and they are not asked for
U.ID. and PSW anymore.
Scenario:
- W2K domain.
- All clients use Firewall Client software.
- Site and Protocol rules are wide open and based on groups.
- The is only one Deny rule to a specific site.
- "Ask unauthenticated users for identification" is checked.
- Logs are perfect and you see no "anonimous" users.
Please, if you could help I´d be very grateful.
I´m approaching the project´s deadline.
Thanks,
Mark
----------------------------------------------------------
There are two problems in this situation:
1. In ISA Management, application filters, there´s one filter called:
"HTTP redirector filter". If you check out it´s properties you´ll see that
it redirects your firewall requests to web proxy requests cancelling your
authentication. This way MSN, Yahoo, ICQ won´t pass through ISA. Set if
for "Send to requested Web server".
2. There´s a BUG in the Firewall client application. Uncheck
"Automatically detect ISA Server".
After doing this configuration, you´ll see that a small green ball with a
white point in it will appear on the Firewall client ICON.
Hope this will help.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bgarrison@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
