[isalist] Re: Passing credentials

  • From: "D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR" <DPietruszka@xxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Apr 2007 12:03:58 -0400

http://www.ISAserver.org
-------------------------------------------------------

Did Microsoft take your benefits out?
You are loosing your patient pretty often ;-)

Regards
Diego R. Pietruszka
MSC (USA) - Interlink Transport Technologies

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Thursday, April 05, 2007 11:36 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
Q1 - ew; I'm soooo sorry
Q2 - that's a repeat of "what" - the question was "why".  IOW, is it the
product itself or the configuration you chose that requires credentials?
IOW, if you have the option, configure it "credentials-less" and limit
access to it from only the ISA.
Q3 - "..causes all sorts of havoc.." - SF tends to do that

It's really difficult to analyze "..something was amiss..".
Any chance you can start using specifics without four rounds of
prompting?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Thursday, April 05, 2007 7:19 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
Q1
Its BESS by Smart Computing
Q2 
There are access rules for content based on user member ship on BESS
Q3
Their ISA application causes all sorts of havoc on the ISA box and had
to be removed

I tried the delegate credentials on the webchaining rule, and while it
sent the proper credentials along to the content filter, something was
amiss and all web traffic was cut off.. Users could not get out to the
web. 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, April 05, 2007 8:58 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
Q1 - what is this device?
Q2 - why is it user-specific?
Q3 - can it be operated as part of ISA?

As I said; ISA can delegate credentials upstream, but *only* if Basic
auth is used.
This means you *must* configure the ISA web proxy for Basic auth to
protected networks and configure the upstream web chaining rule to use
Basic delegation.

Otherwise, the upstream proxy (if indeed it is one) must prompt for
authentication using whatever methods it supports.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Thursday, April 05, 2007 5:52 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
The content filter, which is past the ISA box, relies on your group
membership to apply specific filters.
Right now all authentication is passed thru as "-", so it doesn't know
who you are, and cant apply the proper filter. 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, April 04, 2007 6:25 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
Yeh - that's the problem description; not an answer to the question of
"why".

The question on the table is "why do you need authentication at both
proxies?"
If the upstream proxy limits access to only the downstream proxy and the
downstream proxy limits access only to authenticated users, what benefit
is gained by authenticating twice?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Wednesday, April 04, 2007 1:52 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
Our ISA box is not sending the proper credentials to the content filter
server that is upstream, and separate from the ISA box. 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, April 04, 2007 1:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
It's called "delegation" and that only works using Basic auth.
Why do you need authentication at both proxies?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Wednesday, April 04, 2007 10:26 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Passing credentials

http://www.ISAserver.org
-------------------------------------------------------
  
Is there a way to have ISA pass your credentials along to another proxy
type server?
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: