RE: authenticate via NTLM & AD

From: Mark McRitchie (Mark.McRitchie_at_salamis.co.uk)
Date: 05/05/04

  • Next message: Anthony Campbell: "Re: Anyone using tripwire?" 
    To: 'Benedict Verheyen' <linux4bene@pandora.be>
Date: Wed, 5 May 2004 08:22:08 +0100

    Heya,

    > Also when surfing, you need to use a proxy server which in turn
    > requires NTLM authentication but it's the same user/password
    > combo from the AD ( it gets the info there).

    Ah yes... I had this problem when setting up our squid proxy server to
    replace our ISA server.
    Some options I can see here:

    1) Place the debian box outside the proxy server (would heavily depend on
    your network setup)

    2) if you have control over the ISA server you should be able to allow
    access by IP address for the new debian box. In our experience though,
    changing the ISA config was something just a little to the left of
    witchcraft (main reason we replaced it with a squid box).

    3) Install a proxy server like Jana (http://www.janaserver.de) on a Win box
    set it to run under the context of an AD domain account. Install the Win
    Proxy firewall client thing that lets you use other protocols (ftp, ssh etc)
    through the proxy on the same PC and you should be able to then sneakily use
    the jana proxy server through the MS proxy. Its been a while since I did
    this so my memory is now a leetle hazy on hwo I got this bit to work.
     
    Then just replace the ISA box with a squid box which will save your company
    shed loads of cash and make yourself look good ;-)

    HTH,
    Mark. 

    --
This e-mail message may contain confidential or privileged information.
Recipients are requested to preserve this confidentiality and to advise 
the sender immediately of any error in transmission.
Any views/opinions expressed in this email are that of the author and 
may not reflect the views of Salamis Group - www.salamisgroup.com
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Anthony Campbell: "Re: Anyone using tripwire?"

    Relevant Pages

    • help on smtp problem
      ... We use ISA server 2000 as Proxy server for WinPX clients. ... we bought a Canon iR3530 Multifunctions device which allow ...
      (microsoft.public.isa)
    • route specific URLs to another proxy server ?
      ... My ISA server is in our London Office. ... Our Dublin office often uses resources on the remote site in ... would be nice if I could just redirect that request to another proxy server ...
      (microsoft.public.isaserver)
    • Re: Blocking IE access?
      ... If you will have a safe solution you have to use ISA server. ... A more or less dirty option will be to set a non existing proxy server so IE will always try to contact it and the user will not be able to surf. ... We have two users that use one PC, one account uses the PC sensibly ...
      (microsoft.public.windows.group_policy)
    • Re: Block websites
      ... I was told it can be done in dns, ... You need a proxy server like ISA server or SQUID to do it. ...
      (microsoft.public.windows.server.security)
    • can i configure ISA as a bouncer to AOL IM??
      ... so i'm working on a proxy server at work and would like to chat on IM. ... I currently have ISA server at home that is only functioning as a web ...
      (microsoft.public.isa)
    Loading