Guys,
I ran some more tests.
Only authentication with 'Basic' - worked on devices inside and outside
the domain, but asks for password;
With only authentication 'Kerberos' - worked in the domain and does not
prompt for password;
Authentication 'Kerberos' and 'Basic':
1 - worked in the domain but asked the password out of the domain;
2 - out of the domain in 'Internet Explorer' without integrated
authentication in the format DOMAIN\user worked;
3 - adding the 'auth_param negotiate keep_alive off' option, worked in
Firefox and worked in 'Internet Explorer' with the integrated
authentication option checked.
In short, adding the option 'auth_param negotiate keep_alive off'
worked. In Firefox you can simply enter the username and password and
the 'Internet Explorer' is necessary to inform DOMAIN\user.
Em 15/05/2013 22:12, Brett Lymn escreveu:
> On Wed, May 15, 2013 at 10:00:18PM -0300, Carlos Defoe wrote:
>> As far as i know, the only auth mech that will prompt for password is
>> the basic one, so you're not enabling one per time.
>>
> I believed that IE will prompt credentials when using NTLM
> iff the machine is not part of the domain. It also seems that it will
> prompt if the proxy is configured for kerberos and basic auth but the
> machine is not part of the domain so kerberos won't work, in this case
> the authentication never succeeds (hence why I suggested turning off
> IWA). Not sure if this behaviour is a bug or desired behaviour.
>
Received on Thu May 16 2013 - 20:37:19 MDT
This archive was generated by hypermail 2.2.0 : Fri May 17 2013 - 12:00:06 MDT