Browsing articles tagged with "ntlm - Admins Goodies"
Jun 15, 2012
tom

ISA 2006 switch to kerberos causes authentication problems for some users

In our large corporate environment we have 4 ISA 2006 servers set up. The users (WinXP IE8) are configured with an automatic proxy configuration script. Recently, the PAC was modified to return FQDN instead of IP addresses of the ISA servers. This was done to force Kerberos authentication instead of NTLM. The change has been causing intermittent problems for some users. When accessing sites over SSL, they get multiple prompts for authentication from the proxy [...]

May 30, 2012
tom

NTLM Authorization using Apache NameBased VirtualHosts over SSL

I have a development environment that is fronted via an Apache server. This Apache server requires SSL and Centrify-enabled NTLM authentication/authorization with the AD backend, using group access to view the webpages. There will be multiple projects using this environment, so I want to set up Virtual Hosting, which will allow each project to modify their own virtual host with any specific Apache modules. The web files will live in /var/www/project1 ; /var/www/project2 ; etc.. [...]

Mar 16, 2012
tom

Apache2 NTLM Authentication on specific URL

I have a problem. I’m using Legrandin’s NTLM Authentication Module PyAuthenNTLM2 with my Apache2 server. It really works well and it was easy to install. I recommend it to everybody. The authentication works perfectly fine. But I have a problem once POST-Requests are sent. Every time a POST is sent to the server, IE’s annoying credentials prompt keeps appearing. Even though I checked “Remember my Credentials”. This is how I have it configured right now: <Directory [...]

Mar 15, 2012
tom

Why is squid breaking kerberos/NTLM auth?

I’m using squid 2.6.22 (CentOS 5 Default) as a proxy. Squid seems to break the authentication process for web pages when they require NTLM or Kerberos Auth. I tested with SharePoint 2007 and tried all 3 authentication methods (NTLM, Kerberos, Basic). Accessing the site without squid works in all cases. When I access the same page with squid, then only basic-auth works. Using IE or Firefox doesn’t make any difference. Squid itself can be used [...]

Aug 24, 2011
tom

Risks involved in setting up Kerberos authentication for WSS Reporting Services

We have an established Intranet based on WSS with two front ends and a database. Currently all authentication is NTLM. We have installed Reporting Services In Integration Mode. RS works as long as the web front end that has RS installed on it handles the transactions. If the front end without RS handles the request then we get an UNAUTHORIZED error. In attempting to fix this problem, web searches etc. – have alluded to the [...]

Aug 23, 2011
tom

How can one perform TCP hijacking?

I am developing with an ASP.NET application that uses Windows Authentication. I have set up the web.config file to deny all unauthenticated users, and only allow users from a certain role. Using Fiddler, I am able to fuzz my session ID, replay a request, and still get a 200 OK response… apparently without any renegotiation whatsoever. I am under the impression that the credentials for NTLM based authentication are associated with the underlying TCP connection. Firstly, [...]

Aug 23, 2011
tom

How to setup user authentication on a Squid caching server?

I’ve got Squid-2.7 running on our Windows 2008 box. Works great. I wish to restrict access to it via username restriction. Currently, my username is BlahDomainFooUser . Password: blah. Is there any way I can tell Squid that user BlahDomainFooUser is allowed to access all websites, provided they authenticate. Now, I’m assuming they need to authenticate with .. the AD, if the username is DomainUser? I do NOT want to add things to the AD [...]

Aug 23, 2011
tom

Implications of allowing Windows clients to use NTLMv1?

I have a web application that I’d like to authenticate to using pass-through NTLM for SSO. There is a problem, however, in that NTLMv2 apparently will not work in this scenario (without the application storing an identical password hash). I enabled NTLMv1 on one client machine (Vista) using its local group policy: Computer->Windows Settings->Security Settings->Network Security: LAN Manager authentication level. I changed it to Send LM & NTLM – use NTLMv2 session security if negotiated. [...]

Aug 22, 2011
tom

Enabling NTLM Auto login on IIS for fully qualified domain name (FQDN)

I have noticed in our network that when I want to enable users to connect to a Web Application and be automatically logged in, I need to provide them with a URL such as http://server/path/application.aspx. If I use http://server.domain.com/path/application.aspx, they are prompted to log in instead. I’d like to have both URLs automatically log in the users to the Web application, but I’m missing the big picture on how this works (or rather why it doesn’t work [...]

Aug 22, 2011
tom

Squid, NTLM, Windows 7 and IE8

I’m running Squid 2.7-stable4, Samba 3 and the Windows 7 RC with IE8. I have NTLM authentication set up on my squid proxy server and it works fine for every combination of browser and Windows (including IE8 on XP and Firefox on Win7), but it doesn’t work (keeps asking for authentication) for IE8 on Windows 7. I can get it to work using the LmCompatibilityLevel registry hack, but I’d really prefer to get it working on [...]
