Forum Discussion

3 Replies

  • As far as I know, when using HTTP 401 authentication, Negotiate can only be used for NTLM and Kerberos; if HTTP 407 proxy authentication is used, Negotiate can be used for Basic and NTLM.

     

  • Hi,

     

    I am a bit confused. I tested with an Access Policy assigned to an SWG-Explicit type profile.

     

    In the policy I have an HTTP 407 Response object.

     

    From test:

     

    • Profile with NTLM Auth Configuration: None
    • HTTP 407 Response: basic

    Result: All users (connected to the domain and not connected) get an authentication popup when first connecting to the proxy.

     

    • Profile with NTLM Auth Configuration: my ntlm profile
    • User Identification Method: tested both IP and Credentials - no difference
    • HTTP 407 Response: basic+negotiate
      • basic branch pointing to AD Auth
      • negotiate to NTLM Auth Result

    Result: Both users connected to the domain and users not connected can't access web sites. The auth popup is displayed again and again. Looking at a user not connected to the domain, I can see an attempt to use NTLM; in the APM logs I can see an error that user@computername does not exist, which is of course correct.

     

    So either my policy is wrong, or it's not possible to use HTTP 407 Response: basic+negotiate for NTLM, only for Kerberos - no NTLM Auth Configuration set in profile.

     

    Piotr

     

  • It seems that there is no way to use NTLM and basic at the same time. When NTLM Auth Configuration is enabled in the Access Profile, APM sends:

     

    HTTP/1.1 407 Proxy Authentication Required: Proxy-Authenticate: NTLM

     

    immediately, even before starting the Access Policy. What is strange is that some requests reach the HTTP 407 Response object and authentication succeeds, but for the next request NTLM is requested again and fails because the connecting client is not connected to the domain.

     

    So it seems NTLM and basic clients cannot be handled in any way with the same VS and Access Profile :-(

     

    Piotr
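
To confirm which challenge a proxy actually sends before the policy runs, the 407 responses can be captured and their `Proxy-Authenticate` headers compared. The following is an added example, not part of any post in this thread: the sample responses are constructed, the function names are hypothetical, and the rule that a non-domain client can only answer Basic is a simplifying assumption taken from the behaviour reported above.

```python
import re

# Constructed sample responses (not captured from a real APM device).
NTLM_ONLY = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n\r\n"
)
BASIC_AND_NEGOTIATE = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    'Proxy-Authenticate: Basic realm="proxy"\r\n'
    "Proxy-Authenticate: Negotiate\r\n"
    "Content-Length: 0\r\n\r\n"
)


def offered_schemes(raw_response):
    """Return the auth schemes offered in a raw 407 response, lower-cased, in order."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "407":
        return []  # not a proxy authentication challenge
    schemes = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "proxy-authenticate":
            continue
        # The scheme is the first token; one challenge per header line is assumed.
        match = re.match(r"\s*([A-Za-z][\w-]*)", value)
        if match and match.group(1).lower() not in schemes:
            schemes.append(match.group(1).lower())
    return schemes


def usable_by(raw_response, domain_joined):
    """Schemes a client can answer; non-domain clients are assumed to manage Basic only."""
    offered = offered_schemes(raw_response)
    if domain_joined:
        return offered
    return [scheme for scheme in offered if scheme == "basic"]


if __name__ == "__main__":
    for label, raw in (("NTLM only", NTLM_ONLY), ("Basic+Negotiate", BASIC_AND_NEGOTIATE)):
        print(label, offered_schemes(raw), "non-domain usable:", usable_by(raw, False))
```

An empty result for a non-domain client on the NTLM-only response matches the repeated authentication popup described in the thread.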