RE: Prompted for User Credentials on Firewall Client
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 31 Jan 2003 00:59:15 -0600
Hi Paul,
Stefaan Pouseele discovered this phenomenum regarding the HTTP
Redirector. Check it out at http://tinyurl.com/54zq
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1>
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Paul Berg [mailto:frogman1370@xxxxxxxxx]
Sent: Thursday, January 30, 2003 9:44 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Prompted for User Credentials on Firewall
Client
http://www.ISAserver.org
Tom,
What a bummer, I was hoping you were NOT going to give that
solution ;). Is there someway to enforce Site and Content Rules if you
are configuring the HTTP redirect filter to go directly to the web site?
I'm assuming no, but I wanted to ask anyway. If this is the cause it
looks like they are going to have to live with manual authentication to
prevent users from bypassing the SuperScout Web Filter product.
Thanks,
Paul
Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org
Hi Paul,
If you want to bypass the Web Proxy service, don't
configure the HTTP Redirector to reject the requests, configure it to
pass the requests to the Internet server. I don't use Yahoo or other
chat programs, but I believe the issue is authenticating with the Web
Proxy service and the remote Web site. The key is to bypass the Web
Proxy service by configuring those sites for Direct Access. As for
WebTrends, I let their Tech support figure that one out :-)
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
<http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
<http://tinyurl.com/1jq1>
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Paul Berg [mailto:frogman1370@xxxxxxxxx]
Sent: Wednesday, January 29, 2003 9:22 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Prompted for User
Credentials on Firewall Client
http://www.ISAserver.org
Tom,
You're absolutly correct on the Web Proxy asking
for authentication. I have now changed the HTTP Redirector to Reject
HTTP requests from Firewall and SecureNAT clients and still I am
prompted to authenticate at some point from the said applications.
The strange thing is that when authentication is
prompted for Yahoo Messenger, it doesn't matter if you authenticate or
cancel out from the authentication menu. Yahoo Messenger still keeps
it's functionality. I have it configured to use No Proxies for the
Connection configuration - shouldn't this bypass the Web Proxy service?
For Real Player it needs the authentication or you lose the
functionality on the streaming video. Is there something that I'm
missing in the configuration?
I do have SuperScout installed on the ISA box
that has the SuperScout Dummy Rule in the Site and Content Rules.
However, I also have the Allow Rule for any request rule in there as
well. Removing SuperScout from the picture hasn't given any progress on
the authentication problem. Please let me know if you have any ideas
for direction of where I should look.
Thank you for your time,
Paul
Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx>
wrote:
http://www.ISAserver.org
Hi Paul,
The firewall service won't ever ask for
manual authentication. The credentials are sent in the background. Its
the Web Proxy service that's asking your for credentials. Check the Web
Proxy and Firewall logs to confirm this. You'll need to bypass the Web
Proxy service for these app's. You can configure the sites for Direct
Access, or disable the HTTP Redirector filter.
HTH,
Tom
www.isaserver.org/shinder
-----Original Message-----
From: Paul Berg
[mailto:frogman1370@xxxxxxxxx]
Sent: Monday, January 27, 2003 2:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Prompted for User
Credentials on Firewall Client
http://www.ISAserver.org
Can anyone point me in the right
direction on an article or give an explanation on the process of
stopping manual authentication through the firewall client? I am
testing on applications of Yahoo Messenger and Real One Player which ask
for authentications repeatedly (but the applications work). The ISA
server is using the HTTP redirect filter to the Web Proxy Service. I
have tried messing around with the Application Settings (Found in the
Firewall Properties) and added the "ForceCreditials" for the application
"realplay", "realplayer", and "raplay" set to 0. All efforts have been
without success.
I'm just looking for a reason of why
this happens or a process when the firewall session should know the user
- or should it? For some reason, my user's find this "inconvenient" in
doing their work - go figure. My environment is NT domain if that
helps.
Any help would be much appreciated,
Paul
_____
Do you Yahoo!?
Yahoo! Mail Plus
<http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> -
Powerful. Affordable. Sign up now
<http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com>
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server
Resource Site: http://www.msexchange.org/ Windows Security Resource
Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this
ISAserver.org Discussion List as: frogman1370@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
_____
Do you Yahoo!?
Yahoo! Mail Plus
<http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> -
Powerful. Affordable. Sign up now
<http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com>
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server
Resource Site: http://www.msexchange.org/ Windows Security Resource
Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: frogman1370@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
_____
Do you Yahoo!?
Yahoo! Mail Plus
<http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> -
Powerful. Affordable. Sign up now
<http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com>
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server
Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server
FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------ Exchange Server
Resource Site: http://www.msexchange.org/ Windows Security Resource
Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------ You are currently
subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
