Hi Henrik,
At 16.34 18/10/2005, Henrik Nordstrom wrote:
>On Tue, 18 Oct 2005, Serassio Guido wrote:
>
>>>And why they don't implement Negotiate for proxy connections
>>>completely beats me. Big mystery. How does MSIE authenticate with
>>>ISA server as a proxy in a pure AD environment? Is that even possible?
>>
>>It uses NTLM ....
>
>And if the AD has NTLM support disabled? Still using NTLM or just failing?
NTLM support cannot be disabled in AD. At least NTLMv2 is always supported.
>>Just for an example: when using Windows Cluster, the authentication
>>against a cluster virtual node can be NTLM only.
>
>So in other words Microsoft is not yet ready to run MSAD in a pure
>native Kerberos mode, not even if all servers and clients run the
>latest greatest versions of their OS.
Correct.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue Oct 18 2005 - 08:51:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST