Hi Arno, On Fri, Dec 17, 2010 at 12:22 PM, Arno Garrels <arno.garr...@gmx.de> wrote:
> Fastream Technologies wrote: > > Let's say the web server is listening on the IP 192.168.2.2. A virtual > > server is an Apache term for two domains on the same IP such as > > www.domain1.com and www.domain2.com . We want people who log on to > > domain1 to be authenticated against NTLMdomain1 and domain2 to > > NTLMdomain2. > > If you forward the request you have to forward the NTLM requests as well, > authentication happens on the destination server and the proxy must not > have membership in destination server's Windows domain. > > If the content is cached by the proxy and IF the proxy machine is a > member of destination server's Windows domain I strongly _guess that > it is not required to specify a domain target. Otherwise I guess that > IF the proxy is not a member of destination server's Windows domain > you have a problem that cannot be resolved easily. > > I wonder how you can sell a product with untested features. > I suggest that you first setup different domain environments and test > the product, you do not need much hardware for this, VMs will do. > I guess there are even trial versions of Windows server editions available > in case you don't have enough licenses. > > We have already downloaded trial Win2008R2. Let me elaborate our customers' needs: They want to authenticate the end users on the reverse proxy. I mean the web server will not have authentication on! The reverse proxy will first authenticate then connect to target web server and GET/POST/HEAD... Actually IQP already does all these but only to the AD domain the rproxy machine is logged on to. The customers have much more complex environments, with multiple domains etc. They need to have sales.company.com to be authenticated against the NTLM domain "sales" and support.company.com to be authenticated against the NTLM domain "support". The admin of the proxy will just assign the NTLM domains to the URL Rules (HTTP domain names in this example) and it should work--simply! Regards, SZ -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
