http://www.ISAserver.org ------------------------------------------------------- Did Microsoft take your benefits out? You are loosing your patient pretty often ;-) Regards Diego R. Pietruszka MSC (USA) - Interlink Transport Technologies -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, April 05, 2007 11:36 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- Q1 - ew; I'm soooo sorry Q2 - that's a repeat of "what" - the question was "why". IOW, is it the product itself or the configuration you chose that requires credentials? IOW, if you have the option, configure it "credentials-less" and limit access to it from only the ISA. Q3 - "..causes all sorts of havoc.." - SF tends to do that It's really difficult to analyze "..something was amiss..". Any chance you can start using specifics without four rounds of prompting? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Thursday, April 05, 2007 7:19 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- Q1 Its BESS by Smart Computing Q2 There are access rules for content based on user member ship on BESS Q3 Their ISA application causes all sorts of havoc on the ISA box and had to be removed I tried the delegate credentials on the webchaining rule, and while it sent the proper credentials along to the content filter, something was amiss and all web traffic was cut off.. Users could not get out to the web. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, April 05, 2007 8:58 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- Q1 - what is this device? Q2 - why is it user-specific? Q3 - can it be operated as part of ISA? As I said; ISA can delegate credentials upstream, but *only* if Basic auth is used. This means you *must* configure the ISA web proxy for Basic auth to protected networks and configure the upstream web chaining rule to use Basic delegation. Otherwise, the upstream proxy (if indeed it is one) must prompt for authentication using whatever methods it supports. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Thursday, April 05, 2007 5:52 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- The content filter, which is past the ISA box, relies on your group membership to apply specific filters. Right now all authentication is passed thru as "-", so it doesn't know who you are, and cant apply the proper filter. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, April 04, 2007 6:25 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- Yeh - that's the problem description; not an answer to the question of "why". The question on the table is "why do you need authentication at both proxies?" If the upstream proxy limits access to only the downstream proxy and the downstream proxy limits access only to authenticated users, what benefit is gained by authenticating twice? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Wednesday, April 04, 2007 1:52 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- Our ISA box is not sending the proper credentials to the content filter server that is upstream, and separate from the ISA box. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, April 04, 2007 1:22 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Passing credentials http://www.ISAserver.org ------------------------------------------------------- It's called "delegation" and that only works using Basic auth. Why do you need authentication at both proxies? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Michael Ross Sent: Wednesday, April 04, 2007 10:26 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Passing credentials http://www.ISAserver.org ------------------------------------------------------- Is there a way to have ISA pass your credentials along to another proxy type server? ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx