• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Setting ReturnAuthRequiredIfAuthUserDenied does not work...

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Setting ReturnAuthRequiredIfAuthUserDenied does not work... Page: [1]
Login
Message << Older Topic   Newer Topic >>
Setting ReturnAuthRequiredIfAuthUserDenied does not wor... - 11.Jan.2006 6:05:51 AM   
programatix

 

Posts: 6
Joined: 9.Jan.2006
Status: offline
Hi,

The computers in my office consist of 2 different setting,
  1. The one which joined the company domain
  2. The one which does not join the company domain


I would like to apply the User filtering for the access to the Internet and block certain application, like "Skype". To do this,
  1. I remove the Gateway setting on all the clients.
  2. Installed Microsoft Firewall Clients to all the clients.


Now I'm facing some problems,
  1. The clients which joined the company domain does not have any problem at all.
  2. The clients which does not join the company domain cannot access the Internet as they a not authenticated.


I set the ReturnAuthRequiredIfAuthUserDenied to TRUE but no login dialog box is displayed for the clients which does not join the domain.


I tried solving this problem by setting the Web Proxy the require All users to authenticate. Now the auto discovery of ISA Server for Microsoft Firewall Client fails to detect the ISA Server. I need to manually set the ISA Server for all the clients. Checking the log, I found the following,

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code Cache Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL Error Information HTTP Status Code
0.0.0.0  No Proxy CRUX  wpad.ppdg.no-ip.org TCP   - -  -  - - - 0 1 2651 67  0x0 Web Proxy Filter 11/01/2006 12:39:54 192.168.1.2 80 http Denied Connection  192.168.1.100 anonymous   GET [link=http://wpad.ppdg.no-ip.org/wspad.dat]http://wpad.ppdg.no-ip.org/wspad.dat[/link] 0x0 12229 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. 


To make things worst, even an authenticated user (who had log into the domain) must be authenticated again.


Searching the web, I found the following document,
http://support.microsoft.com/?kbid=905767

Will the patch help?

Any help would be appreciated.

Thanks in advance.
Post #: 1
RE: Setting ReturnAuthRequiredIfAuthUserDenied does not... - 13.Jan.2006 3:03:40 PM   
Mr_Do

 

Posts: 29
Joined: 10.Dec.2002
From: Michigan
Status: offline
The "require all users to authenticate" checkbox and the ReturnAuthRequiredIfAuthUserDenied setting don't help with firewall clients, only web proxy clients.

It seems to me that you have two choices:

1. For the computers not on your domain, make them Secure NAT clients by making their default gateway the address of the ISA Server's internal NIC. This would give you the control you want over what the computers access, but you would not be able to use rules that are based on who is signed in.

2. Stick with Firewall Client but join the computers either to your domain or to a trusted domain. You really need to get users authenticated upon login to an authority recognized by the ISA Server if you want Firewall Client to work.

(in reply to programatix)
Post #: 2
RE: Setting ReturnAuthRequiredIfAuthUserDenied does not... - 13.Jan.2006 3:45:29 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
For WPAD, you also need SkipAuthenticationForRoutingInformation
http://support.microsoft.com/default.aspx?scid=kb;en-us;885683

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to Mr_Do)
Post #: 3
RE: Setting ReturnAuthRequiredIfAuthUserDenied does not... - 19.Jan.2006 12:46:27 PM   
siroj

 

Posts: 9
Joined: 12.Jan.2006
Status: offline
I'v found that not all the ReturnAuthRequiredIfAuthUserDenied script found here work well (didn't work for me).
When you look here http://forums.isaserver.org/m_250038300/tm.htm you will found an advanced version that does work(it did for me).
 
Grx...

(in reply to LLigetfa)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Setting ReturnAuthRequiredIfAuthUserDenied does not work... Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts