cancel
Showing results for 
Search instead for 
Did you mean: 
nsgmike
Level 7

LDAP Authentication questions regarding browser pop-up

I am performing LDAP Authentication on my users. I am running two machines in proxy HA mode on the latest code.

When a user opens a browser they never get prompted for the authentication box, when I put in their browser proxy settings and they open a browser they get prompted.....

I can't add the proxy address to 5,000 computers, help would be much appreciated.

Thanks

0 Kudos
7 Replies
McAfee Employee

Re: LDAP Authentication questions regarding browser pop-up

Hi Mike,

If you use "LDAP" authentication, this means the web gateway will have to use "basic" authentication which will prompt users. That is a fact of life.

Proxy-Authenticate: Basic realm="McAfee Web Gateway"

Most customers use NTLM so they can avoid the prompts. The use of NTLM, allows the browser to take care of the authentication for the user.

Proxy-Authenticate: NTLM

~Jon

0 Kudos
McAfee Employee

Re: LDAP Authentication questions regarding browser pop-up

To clarify the "Proxy-Authenicate" stuff, those are the headers sent by the proxy to indicate to the browser what kind of authentication can be used.

Mike, is there a reason you are not using NTLM?

~Jon

0 Kudos
nsgmike
Level 7

Re: LDAP Authentication questions regarding browser pop-up

Yes there is a reason, to long to disclose here, eventually we will be doing NTLM but it will not be for another year or two.

I had the LDAP working fine on my virtual machine using a proxy but now testing in my live environment the authentication box is not coming up.

0 Kudos
McAfee Employee

Re: LDAP Authentication questions regarding browser pop-up

...oh I get it now.

When you say:

"When a user opens a browser they never get prompted for the authentication box, when I put in their browser proxy settings and they open a browser they get prompted....."

Does this mean you are using WCCP and proxy?

~Jon

0 Kudos
nsgmike
Level 7

Re: LDAP Authentication questions regarding browser pop-up

No we are using Proxy HA

0 Kudos
McAfee Employee

Re: LDAP Authentication questions regarding browser pop-up

Could you clarify what is meant by:

"When a user opens a browser they never get prompted for the authentication box, when I put in their browser proxy settings and they open a browser they get prompted....."

To me this means,

"When a user opens a browser they never get prompted for the authentication box":

When I dont use the proxy, I dont get prompted.

"when I put in their browser proxy settings and they open a browser they get prompted....."

When I use the proxy, I get prompted.

If my interpretation is correct, then is your problem, that they get prompted using the proxy, or is it that you dont want to set the proxy settings? I was stuck on the LDAP prompts because of the title of the post.

If you dont want to enter proxy settings, typically this is done with GPO, otherwise other customers use things like WPAD.DAT via dns to distribute a pac file (auto-discovery). I'm no expert on that though, other community members might have more to say on that.

~Jon

0 Kudos
nsgmike
Level 7

Re: LDAP Authentication questions regarding browser pop-up

Yes management wants users to be prompted every time and then a 30 minute time quota established for that session.

I need the authentication box to prompt users. We are not doing NTLM.

0 Kudos