• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Users Have to Reauthenticate Multiple Times

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Users Have to Reauthenticate Multiple Times Page: [1]
Login
Message << Older Topic   Newer Topic >>
Users Have to Reauthenticate Multiple Times - 14.Nov.2007 2:15:59 AM   
nilupa

 

Posts: 9
Joined: 12.Nov.2007
Status: offline
Web Proxy clients in the Internal network have to enter username & password  more than once when making a Web request and  loding  some  images  also have to enter username & password .

i try every thing to reslove this.i tried disabling  Require all users to authenticate to maintain client credentials between requests but it never worked.

do any one have solution for this.

< Message edited by nilupa -- 14.Nov.2007 2:20:08 AM >
Post #: 1
RE: Users Have to Reauthenticate Multiple Times - 14.Nov.2007 7:57:06 PM   
Yorgy

 

Posts: 158
Joined: 20.Sep.2006
Status: offline
If you haven't read this yet, this article may be helpful understanding authentication and how different types of authentication works...

http://www.microsoft.com/technet/isa/2006/authentication.mspx

HIH
Yorgy

_____________________________

Life is a zoo in a jungle!

(in reply to nilupa)
Post #: 2
RE: Users Have to Reauthenticate Multiple Times - 14.Nov.2007 10:34:36 PM   
nilupa

 

Posts: 9
Joined: 12.Nov.2007
Status: offline
yorgy thx 4 ur help.actually i found out that problem really lies on SecureNAT. Because there are two windows appear on the browser to authendicate. one is secureNAT and one is proxy. if u authendicate proxy it works fine no more naging windows but u authendicate secureNAT u get multipal windows to reauthendicate.therefore i need to disable the secureNAT. How can i disable secureNAT.

(in reply to Yorgy)
Post #: 3
RE: Users Have to Reauthenticate Multiple Times - 16.Nov.2007 10:17:11 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

How can i disable secureNAT.


SecureNet clients do not authenticate !

u can simple do not set the client as SecureNet by not setting the Default Gateway to point to ISA Server.

Check this for better understanding of ISA Server different Clients Type:

quote:


The SecureNET (SecureNAT) client : A SecureNET client is a machine configured with a default gateway address that allows Internet bound requests to pass through the ISA Firewall. If the SecureNET client is located on the same subnet of the ISA Firewall, then the default gateway address will be IP address of the ISA Firewall’s interface on the same network ID as the client. If the clients are on a remote subnet from the ISA Firewall, then the IP address will be a router interface address that will use route outbound requests through the ISA Firewall. While the “official” name in the ISA Firewall documentation is SecureNAT client, it is more accurately referred to as a SecureNET client because the Network Rule defining the connection between a source and destination network does not have to be a NAT relationship, it could be a Route relationship.


The Firewall Client : The Firewall client is a piece of software that must be installed on the client operating systems (the Firewall client should not be installed on server operating systems and never on the ISA Firewall itself). The Firewall client is a generic Winsock proxy client that intercepts Winsock application network calls and forwards them (remotes them) directly to the ISA Firewall. This enables the Firewall client to be transparent to the network routing infrastructure and does not depend on default gateway or route of last resort configuration on network routers. The only network infrastructure requirement is that the clients have a route to the IP address of the ISA Firewall closest to the client. The Firewall client also enables user authentication for access control and supports secondary connections for complex protocols when there is no Application Filter to provide that support. In contrast, SecureNET clients must have an Application Filter in place to support complex protocols that may require multiple primary and secondary connections.

The Web Proxy Client : The Web proxy client is a machine that has its browser configured to use the ISA Firewall as its Web proxy device. Browser configuration can be done manually, or can be automated using the WPAD protocol and WPAD entries in DHCP and/or DNS. The Web proxy client configuration supports only HTTP, HTTPS, and HTTP tunneled FTP requests and does not support FTP upload, only FTP download. Web proxy clients can authenticate with the ISA Firewall, in contrast to SecureNET clients, which cannot authenticate with the ISA Firewall.

Source : http://www.isaserver.org/tutorials/Definitive-Guide-ISA-Firewall-Outbound-DNS-Scenarios-Part2.html


HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to nilupa)
Post #: 4
RE: Users Have to Reauthenticate Multiple Times - 19.Nov.2007 1:14:41 AM   
nilupa

 

Posts: 9
Joined: 12.Nov.2007
Status: offline
i didn't catch anything from ur post.nevertheless thx 4 ur help  Tarek. actually my problem is when  client aceess the internet  ISA  allow  two different connections. that ias SecureNAT and web proxy. another word for a one user there is SecureNAT connection and web proxy connection. my problem is that i need to disable the SecureNAT client connection. i tried everything but i did not manage to do so. my web proxy  use basic authendication.is there problem if i use this basic authendication.please someone tell how to disable SecureNAT step by step.

tnx.
nilupa.

(in reply to elmajdal)
Post #: 5
RE: Users Have to Reauthenticate Multiple Times - 19.Nov.2007 10:47:57 AM   
Boedus

 

Posts: 195
Joined: 8.Sep.2006
Status: offline
Hi,

As Tarek said SecureNAT can not be disabled.
A client is using SecureNAT when it is using the IP address of the ISA Server as a gateway address.
Using the ISA Firewall client might fix your issue (Windows only).

Hope this helps.

(in reply to nilupa)
Post #: 6
RE: Users Have to Reauthenticate Multiple Times - 22.Nov.2007 5:05:11 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi nilupa,

i think i got what u mean now.

under the sessions tab, u see two entries for one client, one is securenat and the other is webproxy , right ?

This is right, and can not be changed, because this is done by design.

The first thing the user to contact ISA Server anonymously, withtout authentication, if this did not work, then he will send his credentials to ISA Server  ( Web Proxy Client ).

so the first entry will always be anonymous .

HTH,
Tarek

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to nilupa)
Post #: 7
RE: Users Have to Reauthenticate Multiple Times - 26.Nov.2007 1:19:18 AM   
nilupa

 

Posts: 9
Joined: 12.Nov.2007
Status: offline
Tarek thanks 4 ur comment.can u tell me what are the different between secureNAT client and web proxy clent.

(in reply to elmajdal)
Post #: 8
RE: Users Have to Reauthenticate Multiple Times - 27.Nov.2007 4:14:55 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
!!!

read my first post again, i have wrote to you the 3 different client types for ISA Server.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to nilupa)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Users Have to Reauthenticate Multiple Times Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts