• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Password prompting

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Password prompting Page: [1]
Login
Message << Older Topic   Newer Topic >>
Password prompting - 2.Apr.2004 4:16:00 PM   
snewby

 

Posts: 18
Joined: 30.Mar.2004
Status: offline
I've installed Beta 2 of ISA 2004 to be used purely as a cache server, however I am having problems with the authentication.
I've created a policy for web browsing with a specific group of users assigned to it and this works as I would expect. What I want to be able to do though is for a user from another domain, who isn't in the list of users, to be prompted for a username and password when they try to browse through the server. Instead they are just getting the page from ISA saying it can't retrieve the requested page.
In ISA 2000 you could tell it to prompt for unauthenticated users, is this option still in 2004?
Thanks in advance,

Steve
Post #: 1
RE: Password prompting - 2.Apr.2004 4:49:00 PM   
snewby

 

Posts: 18
Joined: 30.Mar.2004
Status: offline
Just found what i was looking for. On the properties of the internal network I can specify authentication methods.

(in reply to snewby)
Post #: 2
RE: Password prompting - 3.Apr.2004 10:24:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Steve,

That will do it!

Good to hear you got it working and thanks for the follow up!

Tom

(in reply to snewby)
Post #: 3
RE: Password prompting - 5.Apr.2004 10:51:00 AM   
snewby

 

Posts: 18
Joined: 30.Mar.2004
Status: offline
After turning on the option to "Ask unauthenticated users for identification" I noticed a problem with users running MSN Messenger. Although these users are authenticated on the domain and in the allowed users group, and as such can browse the internet, when I turn this option on Messenger will no log on, it says that incorrect logon details were supplied for the proxy server. When I disable the option to "Ask unauthenticated users for identification" they can log back onto Messenger again without problems.
Has anyone else come across this? Am I doing something wrong here or could this possibly be a bug in the beta?
Regards,

Steve

(in reply to snewby)
Post #: 4
RE: Password prompting - 5.Apr.2004 12:48:00 PM   
snewby

 

Posts: 18
Joined: 30.Mar.2004
Status: offline
Further to my last post it appears that Messenger also cannot log on unless I have "All users" selected as being allowed, i.e. basically allowing anonymous users through.
But even if I do have "all users" selected and then have "ask unauthenticated users for identification" selected it will still fail.
Any ideas?
Cheers,

Steve

(in reply to snewby)
Post #: 5
RE: Password prompting - 5.Apr.2004 6:24:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Steve,

The problem is that the wrong credentials get send by the MSN messenger to the firewall.

You should configure the Hotmail and MSN sites for Direct Access by including *.msn.com, *.passport.com and *.hotmail.com in the Domains tab. That way, apps will avoid the Web Proxy and use their Firewall or SecureNAT client config to reach those sites.

HTH,
Tom

(in reply to snewby)
Post #: 6
RE: Password prompting - 6.Apr.2004 11:35:00 AM   
snewby

 

Posts: 18
Joined: 30.Mar.2004
Status: offline
Is there no way that this can go through the proxy in this environment. It would be helpful as it allows tracking of who is using Messenger?
Thanks,

Steve

(in reply to snewby)
Post #: 7
RE: Password prompting - 7.Apr.2004 2:55:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Steve,

Its a MSN/Hotmail bug, not an ISA issue. That's why you need to configure the sites for Direct Access. You can leverage the Firewall client config if you're using a secure config. Otherwise, SecureNAT is avaialable.

HTH,
Tom

(in reply to snewby)
Post #: 8
RE: Password prompting - 7.Apr.2004 5:02:00 PM   
snewby

 

Posts: 18
Joined: 30.Mar.2004
Status: offline
Thanks for that Tom.
I've now just created a separate Access policy, purely for those sites that MSN uses, that is set to allow "All Users" through.
At least I can get an IP address logged for those people using Messenger.
Do you know if this is something MS are aware of and intend to fix in Messenger?
Regards,

Steve

(in reply to snewby)
Post #: 9
RE: Password prompting - 9.Apr.2004 4:37:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Steve,

Yes, there's even a KB on it. When you configure the sites for Direct Access, it always works a treat. Direct Access config for those sites is always standard procedure to make the ISA firewall transparent to clients.

HTH,
Tom

(in reply to snewby)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Password prompting Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts