Fastream Technologies wrote:
> Hi Arno,
>
> On Fri, Dec 17, 2010 at 12:22 PM, Arno Garrels <arno.garr...@gmx.de>
> wrote:
>
>> Fastream Technologies wrote:
>>> Let's say the web server is listening on the IP 192.168.2.2. A
>>> virtual server is an Apache term for two domains on the same IP
>>> such as www.domain1.com and www.domain2.com . We want people who
>>> log on to domain1 to be authenticated against NTLMdomain1 and
>>> domain2 to NTLMdomain2.
>>
>> If you forward the request you have to forward the NTLM requests as
>> well, authentication happens on the destination server and the proxy
>> must not have membership in destination server's Windows domain.
>>
>> If the content is cached by the proxy and IF the proxy machine is a
>> member of destination server's Windows domain I strongly _guess that
>> it is not required to specify a domain target. Otherwise I guess that
>> IF the proxy is not a member of destination server's Windows domain
>> you have a problem that cannot be resolved easily.
>>
>> I wonder how you can sell a product with untested features.
>> I suggest that you first set up different domain environments and test
>> the product, you do not need much hardware for this, VMs will do.
>> I guess there are even trial versions of Windows server editions
>> available in case you don't have enough licenses.
>>
>>
> We have already downloaded trial Win2008R2. Let me elaborate our
> customers' needs:
>
> They want to authenticate the end users on the reverse proxy. I mean
> the web server will not have authentication on! The reverse proxy
> will first authenticate then connect to target web server and
> GET/POST/HEAD... Actually IQP already does all these but only to the
> AD domain the rproxy machine is logged on to. The customers have much
> more complex environments, with multiple domains etc. They need to
> have sales.company.com to be authenticated against the NTLM domain
> "sales" and support.company.com to be authenticated against the NTLM
> domain "support". The admin of the proxy will just assign the NTLM
> domains to the URL Rules (HTTP domain names in this example) and it
> should work--simply!

Are there any other proxy servers with such a feature available?
I doubt that it is possible, but I'm not a specialist in Active
Directory. What might work, for instance, if "sales" was a child
domain of parent domain "company.com" and if clients authenticate
with the domain target in user name like "sales.company.com\username"
or "company.com\username", however even that depends on the domain
setup AFAIK.

--
Arno Garrels
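
The per-host rule discussed in this thread can at least be enforced as a policy check on the reverse proxy: the NTLM Type 3 (AUTHENTICATE) message carries the domain name the client typed, so the proxy can compare it with the domain assigned to the requested Host. The sketch below is an added example, not code from the thread, ICS or IQP; the `RULES` table, the function names and the cp437 OEM code page are assumptions. It does not authenticate anyone, since the response still has to be validated by a domain controller of that domain.

```python
import base64
import struct

# Assumed rule table: Host header -> accepted spellings of its NTLM domain
# (hypothetical values based on the names used in the thread).
RULES = {
    "sales.company.com": {"SALES", "SALES.COMPANY.COM"},
    "support.company.com": {"SUPPORT", "SUPPORT.COMPANY.COM"},
}

def read_buf(msg, pos, enc):
    """Decode the security buffer (len, maxlen, offset) stored at pos."""
    length, _, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length].decode(enc)

def parse_type3(authorization):
    """Return (domain, user) named in an 'NTLM <base64>' Type 3 header value."""
    scheme, _, blob = authorization.partition(" ")
    msg = base64.b64decode(blob, validate=True)
    if scheme.upper() != "NTLM" or len(msg) < 64 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not a Type 3 (AUTHENTICATE) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # Bit 0 = NEGOTIATE_UNICODE; the OEM code page (cp437) is an assumption.
    enc = "utf-16-le" if flags & 1 else "cp437"
    return read_buf(msg, 28, enc), read_buf(msg, 36, enc)

def domain_allowed(host, authorization):
    """True only if the client-named domain matches the rule for host."""
    accepted = RULES.get(host.lower().split(":")[0], set())
    # Unverified client input: use it only to choose which domain validates.
    return parse_type3(authorization)[0].upper() in accepted

def sample_type3(domain, user):
    """Constructed Type 3 message with empty responses, for the demo only."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    bufs = [(0, 64), (0, 64), (len(d), 64), (len(u), 64 + len(d)),
            (0, 64 + len(d) + len(u)), (0, 64 + len(d) + len(u))]
    hdr = b"NTLMSSP\x00" + struct.pack("<I", 3)
    hdr += b"".join(struct.pack("<HHI", n, n, off) for n, off in bufs)
    return "NTLM " + base64.b64encode(hdr + struct.pack("<I", 1) + d + u).decode()

if __name__ == "__main__":
    print(domain_allowed("sales.company.com", sample_type3("SALES", "alice")))
    print(domain_allowed("sales.company.com", sample_type3("SUPPORT", "bob")))
```

A client that sends a user name in `user@domain` form typically leaves the domain field empty, so such a request fails this check unless the rule table is extended to cover it.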