RE: ISA Authentication
- From: Milan Göllner <milan.goellner@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 13 Oct 2005 13:11:56 +0200
Hi Tom, Zye,
I think I'm talking apps, not sites. For example, when I look at ISA's log for
MS Update client I see requests from the machine the client runs on, even with
a logged on user, without authentication information. So in an ISA setup with
authentication enabled this would bounce off ISA and be rejected. However, if I
add the extra rule allowing unauthenticated traffic to the MS sites in question
MS Update works fine. The request is still the same, only now ISA accepts it, I
don't see the site being involved in this at all. I have no clue about hotmail
or OE though, I'm not using either except for my passport account :-)
I think that Zye is looking for something similar, be it http or ftp,
essentially the solution seems to be something like this, allow unauthenticated
traffic for certain locations using specified protocols originating from a few
select hosts only. I think :-)
Mit freundlichen Grüßen,
kind regards,
Milan Göllner
Computer Services & Informationssysteme
CAE Elektronik GmbH
Military Simulation & Training
52220 Stolberg, Germany
--
Tel: +49 (2402) 106 691
eMail: milan.goellner@xxxxxxxxxxx
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, October 13, 2005 12:52 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Authentication
http://www.ISAserver.org
Hi Milan,
Oh! OK, you're talking about about sites, not apps. Some sites don't support
authenticating Web proxies, like the Windows Update site and the Hotmail site
when working with Outlook Express (actually, this might be an Outlook Express
issue, not a site issue).
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: "Milan Göllner" [mailto:milan.goellner@xxxxxxxxxxx]
> Sent: Thursday, October 13, 2005 5:48 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Authentication
>
> http://www.ISAserver.org
>
> Hi,
>
> I'm doing this as well, I simply have an extra rule with
> precedence over the default http rule which allows all users
> (which includes unauthenticated ones) to pass through without
> authentication to specific sites only using specified protocols.
> There is some crummy software around which seems to generate
> nothing but errors without something like this, Windows
> Update client comes to mind immediately and MS has this
> documented in their KB as well.
>
>
> Mit freundlichen Grüßen,
> kind regards,
>
> Milan Göllner
> Computer Services & Informationssysteme
> CAE Elektronik GmbH
> Military Simulation & Training
> 52220 Stolberg, Germany
> --
> Tel: +49 (2402) 106 691
> eMail: milan.goellner@xxxxxxxxxxx
>
> -----Original Message-----
> From: Zye [mailto:zyeuk@xxxxxxxxxxx]
> Sent: Thursday, October 13, 2005 12:31 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA Authentication
>
> http://www.ISAserver.org
>
> Sorry, you'll have to bear with me as Im a newbie to ISA. ISA is
> performing the authentication.
>
> Providing users are logged onto the domain and have the
> necessary profile
> for internet access they are allowed access, however If we
> want to turn
> off authentication for a device that needs to download on a scheduled
> basis, can we do this so that the device can download without being
> prompted for username and password? Is there another way of
> configuring
> without turning off the auth for this device?
>
> Running isa2004.
>
> Hope this is clear.
>
> Thanks
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: milan.goellner@xxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
milan.goellner@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
