3 Replies Latest reply on Jul 23, 2015 10:10 AM by ivaylou

    NTLM Authentication without the prompt

    ivaylou

      Hey Guys,

      We are in a process of deploying MWG and we are configuring authentication with NTLM. The configuration works and users are being authenticated and if the browser doesn't support auth (safari) the user is being prompted to proide credentials.

      How do I disable that? I still want users to be prompted for creds, but if they are not provided automatically by the browser I do not want the users to be prompted for them.

       

      I am trying to work our a rule that would do that, but unfortunately there is no 'else' statement.

       

      Any ideas?

       

      Thanks

        • 1. Re: NTLM Authentication without the prompt
          c0rec0re

          Use something like that:

          Authentication.Authenticate<NTLM> equals false AND

          Authentication.Failed equals false

           

          It's a trick that makes authentication TRY, but if if fails, nothing will happen and no reauthentication request will be sent.

           

          But there can be another issue. When proxy asks about authentication, browser will not try logged in credentials and will make a pop-up window for user asking him to enter credentials. This is browser side issue. No ideas about safari, not using this.

          • 2. Re: NTLM Authentication without the prompt
            jebeling

            This is exactly what the try auth rulesets were designed to do. There are rulesets in the on box library under authentication.

            • 3. Re: NTLM Authentication without the prompt
              ivaylou

              We started configuring TRY authentication, but looking in McAfee's documentation for WCCP they recomend use Auth Server. I did not see anywhere stated that we can use Try Auth instead of Auth Server. I guess I am being extra careful not to over-complicate things or make our configuration non-standard and not supported.