cancel
Showing results for 
Search instead for 
Did you mean: 
ivaylou
Level 7

NTLM Authentication without the prompt

Hey Guys,

We are in a process of deploying MWG and we are configuring authentication with NTLM. The configuration works and users are being authenticated and if the browser doesn't support auth (safari) the user is being prompted to proide credentials.

How do I disable that? I still want users to be prompted for creds, but if they are not provided automatically by the browser I do not want the users to be prompted for them.

I am trying to work our a rule that would do that, but unfortunately there is no 'else' statement.

Any ideas?

Thanks

0 Kudos
3 Replies
c0rec0re
Level 7

Re: NTLM Authentication without the prompt

Use something like that:

Authentication.Authenticate<NTLM> equals false AND

Authentication.Failed equals false

It's a trick that makes authentication TRY, but if if fails, nothing will happen and no reauthentication request will be sent.

But there can be another issue. When proxy asks about authentication, browser will not try logged in credentials and will make a pop-up window for user asking him to enter credentials. This is browser side issue. No ideas about safari, not using this.

0 Kudos
McAfee Employee

Re: NTLM Authentication without the prompt

This is exactly what the try auth rulesets were designed to do. There are rulesets in the on box library under authentication.

0 Kudos
ivaylou
Level 7

Re: NTLM Authentication without the prompt

We started configuring TRY authentication, but looking in McAfee's documentation for WCCP they recomend use Auth Server. I did not see anywhere stated that we can use Try Auth instead of Auth Server. I guess I am being extra careful not to over-complicate things or make our configuration non-standard and not supported.

0 Kudos