No authentication prompt
No authentication prompt - 8.Dec.2004 5:25:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
Users are not prompted to authenticate.
I have an access rule that allows HTTP from internal to external for an AD group. Users not in this group are denied access to the internet, but a prompt is not appearing as in Proxy 2.0 and ISA 2000.
Everything I've read says to make sure the Outgoing Authentication is Integrated and does not have the box checked that requires all users to authenticate. This setting is on Networks, Internal, Properties, Web Proxy, Authentication.
I have both of these settings and still my users are not prompted for a valid username/password to authenticate. I do not have the firewall client installed and they are only Web Proxy clients; the ISA server and port are specified in Internet Explorer. I have tried installing the firewall client for testing purposes, but they are still not prompted. How do I enable this in ISA 2004?
Thanks.
tjcarst
|
|
|
|
RE: No authentication prompt - 8.Dec.2004 10:13:00 PM
|
|
|
Guest
|
Put a check in "Require all users to authenticate". In this case it will ask for username/pass/domain for every user attempting to start a browser. Remember: old browsers don't have the ability to authenticate users, mostly IE, but the new Opera for Mac finally got that option, so we are not stuck with Internet Bugsplorer only.
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 4:22:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
Thanks. We are running all IE 5.x or higher, so should not be a problem.
I checked this box, but still am not prompted. I receive an error:
Error code : 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202) Source: proxy
tjcarst
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 4:30:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
I have an ISA 2000 running on Windows 2000 that DOES prompt for a username and password. I do not have the option to ask unauthenticated users to authenticate checked.
For ISA 2000, there was a Microsoft hotfix that broke the ability for users to be prompted. Then there was a fix. There was also a registry hack to disable the prompt. I can't find anything on ISA 2004. Many seem to be trying to get this to stop, indicating this is a feature that is on by default. How did they turn it off? I'd like to do the opposite.
I have 50 people ready to lynch me. If I allow All Users access to the internet to appease the 50 who can't, I'll have hundreds who are very happy......
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 5:09:00 PM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi tjcarst,
I don't really understand your problem. If a user logs on with an account that has permissions, then the integrated authentication will transparently pass those credentials to the ISA firewall and permit the access. Why would you want a prompt to appear?
-- Bill Stewart
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 5:21:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
They don't want to log on to the computer as themselves. 20 therapists share a PC and have a quick moment between patients. They want to fire up IE, go to a web site, and walk away.
This worked fine in Proxy 2.0 and ISA 2000. I need it to work in ISA 2004. I have the same authentication setting on my ISA 2004 outgoing listener as on ISA 2000. Integrated. Nothing else. It doesn't work the same. But others here are trying to turn off this prompt on 2004, so obviously, it does work.
Trust me. I've fought to get everyone to sign on to computers as themselves for purposes beyond just browsing. It isn't going to happen. And managers are not going to allow ALL employees access to the internet.
I need to be able to get this to work as it used to before ISA 2004. It appears as though it should by default, so I've messed something up somewhere. I was just hoping someone would know how to fix it.
Thanks! [ December 09, 2004, 05:23 PM: Message edited by: tjcarst ]
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 5:34:00 PM
|
|
|
joemarr_intek
Posts: 9
Joined: 8.Dec.2004
Status: offline
|
Hmm
My question is related. I want them to authenticate, but I don't want them to get a prompt; I would like the domain authentication to pass through.
If I have integrated authentication checked, and I don't have "require all users to authenticate" checked, will it just rely on pass-through?
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 5:37:00 PM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi tjcarst,
Let me see if I understand your problem...
A computer is logged on with a user that should not have web access. If you open IE, then access is denied immediately rather than prompting for authentication. It's too time-consuming to log off the current user and log back on with an account that has the appropriate permissions.
Is this correct?
-- Bill Stewart
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 6:02:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
You have it correct, Bill.
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 6:22:00 PM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi,
A possible workaround for this behavior is to create an IE shortcut with the "run with different credentials" option enabled.
-- Bill Stewart
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 7:35:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
Thanks, Bill. That is an option. But, some things are links in email, or on an internal web page, and this would not work very well.
But, it should work. By default, this is supposed to be the behavior. Something I've done has changed it and I'd really like to get it back to how the users are used to it working.
tjcarst
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 7:52:00 PM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
quote: By default, this is supposed to be the behavior.
Hi,
This is not the default behavior in ISA Server 2004 AFAIK. I don't know of a way offhand to revert to the old behavior.
-- Bill Stewart
|
|
|
|
RE: No authentication prompt - 9.Dec.2004 10:06:00 PM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
I will search some more, but I believe there are other users who have posted they wish to stop the prompt and I thought it was ISA 2004. The person, joemarr_intek, that posted in this thread above may be able to confirm s/he has ISA 2004.
Why would MS change the default behavior?
tjcarst [ December 09, 2004, 10:28 PM: Message edited by: tjcarst ]
|
|
|
|
RE: No authentication prompt - 10.Dec.2004 12:01:00 AM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi tjcarst,
I threw together a quick VBScript script that lets you toggle this behavior. You can get it here: RequestAuth.vbs
Copy it to your ISA Server, and run it from a command window.
In your case, you probably need to type:
cscript RequestAuth.vbs /network:Internal /enable
For ISA Server 2000, you can change the ReturnDeniedIfAuthenticated registry value (see KB article 297324).
-- Bill Stewart [ January 05, 2005, 12:22 AM: Message edited by: Bill Stewart ]
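
The behaviour this thread is about, modelled as an added example (it is not the RequestAuth.vbs script and not ISA Server code): a denied user who authenticated silently gets a hard 502 unless the proxy is set to challenge again with a 407, which is what makes the browser show a logon dialog. The function names, the `reprompt_denied` flag and the user names are constructed for illustration, and a bare user name stands in for the Integrated authentication handshake.

```python
# Simplified model (added example): credentials are a bare user name in a
# dict, standing in for the NTLM/Negotiate handshake of Integrated auth.
ALLOWED_GROUP = {"therapist1"}   # constructed members of the allowed AD group


def proxy(request, reprompt_denied):
    """Return (status, reason) for one outbound HTTP request."""
    user = request.get("proxy_user")
    if user is None:
        # The access rule needs a user identity, so anonymous requests
        # are challenged for credentials.
        return 407, "Proxy Authentication Required"
    if user in ALLOWED_GROUP:
        return 200, "OK"
    if reprompt_denied:
        # Toggle on: an authenticated-but-denied user is challenged again.
        return 407, "Proxy Authentication Required"
    # Behaviour reported in the thread for ISA 2004: hard deny, no prompt.
    return 502, "Proxy Error (12202)"


def browse(logged_on_user, typed_user, reprompt_denied):
    """Replay the browser side; returns the list of statuses it saw."""
    seen = []
    status, _ = proxy({}, reprompt_denied)             # 1. anonymous attempt
    seen.append(status)
    # 2. Integrated auth: the browser silently answers the challenge with
    #    the desktop logon, so the user sees no dialog at this step.
    status, _ = proxy({"proxy_user": logged_on_user}, reprompt_denied)
    seen.append(status)
    if status == 407 and typed_user is not None:
        # 3. The silent credentials drew a new challenge, so the browser
        #    shows a dialog and retries with what the user types.
        status, _ = proxy({"proxy_user": typed_user}, reprompt_denied)
        seen.append(status)
    return seen


if __name__ == "__main__":
    print(browse("shared_pc", "therapist1", reprompt_denied=False))
    print(browse("shared_pc", "therapist1", reprompt_denied=True))
```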
|
|
|
|
RE: No authentication prompt - 10.Dec.2004 12:11:00 AM
|
|
|
tjcarst
Posts: 171
Joined: 6.May2004
From: Lincoln, NE
Status: offline
|
Thanks, Bill. I actually had that registry hack for ISA 2000. I installed a MS hotfix that broke the authentication prompt. This registry hack put it back.
The registry is different in ISA 2004 and I was a bit of a coward.
You are a Genius! Thanks for hanging in there and providing this fix.
tjcarst [ December 10, 2004, 03:11 AM: Message edited by: tjcarst ]
|
|
|
|
RE: No authentication prompt - 10.Dec.2004 12:32:00 AM
|
|
|
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
|
Hi tjcarst,
Let me know if the script works for you (it worked for me here).
I posted the info regarding ISA Server 2000 in case other readers might have wanted to know how to do the same thing in the older version.
-- Bill Stewart
|
|
|
|
RE: No authentication prompt - 21.Jan.2005 8:49:00 AM
|
|
|
bindumadhava
Posts: 4
Joined: 12.Jan.2005
Status: offline
|
Hi, in my case it is working fine except for chatting. Yahoo & MSN Chat are not working. Yahoo log shows Error Code 12002.
Bindu
|
|
|
|