This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP Proxy incompatible with Windows Server 2003

Hello,

I just turned on Active Directory authentication for the HTTP Proxy on my Astaro box and it works great with all my network clients.
There is only a (big) problem:

my Internal Windows 2003 Servers, two domain controllers and a member server, which are allowed to use the proxy, even if I set the proxy manually in internet explorer settings, bypass it. The traffic is then redirected to the default gateway (Astaro box) that denies (from packet filter).
Since i need my web traffic to pass through the proxy i made a lot of analysis and I tought it could be an incompatibility between the astaro authentication protocols and the windows server 2003 security settings but i don't know which setting I have to change.

Could please help me?

Thank you in advance

This thread was automatically locked due to age.

Parents

0 bbb_01 over 20 years ago

Astaro Knowledgebase says:

How to surf from a Domain-Controller with NTLM-Authentification Product Version: 5.023 and newer

Task:
Up to the enhanced security policy of a DCC the NTLM-Authentification method on Astaro Security Linux does not work directly from the Domain-Controller itself. The same may refer to a Windows-Terminal-Server.
In order to use the NTLM-Authentification method for your HTTP-Proxy you need to change the security settings as follows:

Steps:
Domain Controller
Click Start > Programs > Administrative Tools
Click on Domain Security Policy
Expand Security Settings + Domain Policy + Security Options
Scroll down to 'Network Security: Lan manager authentication level'
Change this to 'Send LM & NTLM - use NTLMv2 session security if negotiated'
Standalone

Click Start > Programs > Administrative Tools
Click on Local Security Policy
Expand Security Settings + Local Policy + Security Options
Scroll down to 'Network Security: Lan manager authentication level'
Change this to 'Send LM & NTLM - use NTLMv2 session security if negotiated'
The rest of the settings are the same (see KB: 115079).
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 bbb_01 over 20 years ago

Astaro Knowledgebase says:

How to surf from a Domain-Controller with NTLM-Authentification Product Version: 5.023 and newer

Task:
Up to the enhanced security policy of a DCC the NTLM-Authentification method on Astaro Security Linux does not work directly from the Domain-Controller itself. The same may refer to a Windows-Terminal-Server.
In order to use the NTLM-Authentification method for your HTTP-Proxy you need to change the security settings as follows:

Steps:
Domain Controller
Click Start > Programs > Administrative Tools
Click on Domain Security Policy
Expand Security Settings + Domain Policy + Security Options
Scroll down to 'Network Security: Lan manager authentication level'
Change this to 'Send LM & NTLM - use NTLMv2 session security if negotiated'
Standalone

Click Start > Programs > Administrative Tools
Click on Local Security Policy
Expand Security Settings + Local Policy + Security Options
Scroll down to 'Network Security: Lan manager authentication level'
Change this to 'Send LM & NTLM - use NTLMv2 session security if negotiated'
The rest of the settings are the same (see KB: 115079).
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 20 years ago in reply to bbb_01

and run GPUPDATE if you want those policies applied to the DCs immediately.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel