Not to get too far OT, but whenever I have a machine that doesn't have the ISA firewall client, I get credential prompts with ISA (when it's configured for specific user/group access lists, etc).
>From the Firewall Client for ISA Server Download: http://www.microsoft.com/downloads/details.aspx?FamilyID=05C2C932-B15A-4990- B525-66380743DA89&displaylang=en "...Firewall Client sends user information transparently with each request, enabling you to create a firewall policy on the ISA Server computer with rules that use the authentication credentials presented by the client." I'd use pfSense any day of the week over ISA, even if it meant they had to use credential prompts. Bottom line: if eliminating credential prompts is an absolute must, ISA can do it for sure. pfSense, not yet ;) Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -----Original Message----- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Tuesday, April 21, 2009 3:35 PM To: support@pfsense.com Subject: Re: [pfSense Support] Can captive portal authenticate based on windows login On Tue, Apr 21, 2009 at 3:46 PM, Dimitri Rodis <dimit...@integritasystems.com> wrote: > Microsoft Internet Security and Acceleration Server (ISA Server), and you > need to have AD. > > I've used it, but only in this particular case. I do not know of anything in > the open source world that works reliably specifically the way you want it > to. (That is not to say that nothing exists, I just may not know about it). > With respect to ISA, there is a client installation (aka Firewall Client) > that is required to make the authentication transparent--without it, it > would work just like pfSense would-- with RADIUS against AD, and the user > would have to enter credentials manually. > Not exactly, so long as you're using IE it'll pass through credentials automatically. The firewall client is so you don't have to configure all your applications to use a proxy, it automatically picks up any traffic not destined to your internal networks (as defined in ISA) and pushes it through the proxy. Works well in the environments I use it. ISA is a good proxy. I personally don't like it as a perimeter firewall, and it can be buggy (2006 is much better than 2004 and 2000, though still quirky at times), but its proxy functionality in a Windows environment is great. The reverse proxy is also nice if you use OWA and/or OMA with Exchange. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
smime.p7s
Description: S/MIME cryptographic signature