If the PC which is not in the domain has WINS configured via DHCP you should
also be able to use Kerberos with user@DOMAIN and domain password in the
popup.
Markus
"Delton" <del...@bnpapel.com.br> wrote in message
news:51954355.1000...@bnpapel.com.br...
Guys,
I ran some more tests.
Only authentication with 'Basic' - worked on devices inside and outside
the domain, but asks for password;
With only authentication 'Kerberos' - worked in the domain and does not
prompt for password;
Authentication 'Kerberos' and 'Basic':
1 - worked in the domain but asked the password out of the domain;
2 - out of the domain in 'Internet Explorer' without integrated
authentication in the format DOMAIN\user worked;
3 - adding the 'auth_param negotiate keep_alive off' option, worked in
Firefox and worked in 'Internet Explorer' with the integrated
authentication option checked.
In short, adding the option 'auth_param negotiate keep_alive off' worked.
In Firefox you can simply enter the username and password and the
'Internet Explorer' is necessary to inform DOMAIN\user.
Em 15/05/2013 22:12, Brett Lymn escreveu:
On Wed, May 15, 2013 at 10:00:18PM -0300, Carlos Defoe wrote:
As far as i know, the only auth mech that will prompt for password is
the basic one, so you're not enabling one per time.
I believed that IE will prompt credentials when using NTLM
iff the machine is not part of the domain. It also seems that it will
prompt if the proxy is configured for kerberos and basic auth but the
machine is not part of the domain so kerberos won't work, in this case
the authentication never succeeds (hence why I suggested turning off
IWA). Not sure if this behaviour is a bug or desired behaviour.
