If the PC which is not in the domain has WINS configured via DHCP you should
also be able to use Kerberos with user_at_DOMAIN and domain password in the
popup.
Markus
"Delton" <delton_at_bnpapel.com.br> wrote in message
news:51954355.1000905_at_bnpapel.com.br...
> Guys,
>
> I ran some more tests.
> Only authentication with 'Basic' - worked on devices inside and outside
> the domain, but asks for password;
> With only authentication 'Kerberos' - worked in the domain and does not
> prompt for password;
> Authentication 'Kerberos' and 'Basic':
> 1 - worked in the domain but asked the password out of the domain;
> 2 - out of the domain in 'Internet Explorer' without integrated
> authentication in the format DOMAIN\user worked;
> 3 - adding the 'auth_param negotiate keep_alive off' option, worked in
> Firefox and worked in 'Internet Explorer' with the integrated
> authentication option checked.
>
> In short, adding the option 'auth_param negotiate keep_alive off' worked.
> In Firefox you can simply enter the username and password and the
> 'Internet Explorer' is necessary to inform DOMAIN\user.
>
> Em 15/05/2013 22:12, Brett Lymn escreveu:
>> On Wed, May 15, 2013 at 10:00:18PM -0300, Carlos Defoe wrote:
>>> As far as i know, the only auth mech that will prompt for password is
>>> the basic one, so you're not enabling one per time.
>>>
>> I believed that IE will prompt credentials when using NTLM
>> iff the machine is not part of the domain. It also seems that it will
>> prompt if the proxy is configured for kerberos and basic auth but the
>> machine is not part of the domain so kerberos won't work, in this case
>> the authentication never succeeds (hence why I suggested turning off
>> IWA). Not sure if this behaviour is a bug or desired behaviour.
>>
>
>
Received on Thu May 16 2013 - 23:17:22 MDT
This archive was generated by hypermail 2.2.0 : Fri May 17 2013 - 12:00:07 MDT