Hi, We just need to use the AD domain server as a user database to authenticate users according to the domain sets IQP admin desires. I believe there should be a way to connect to AD directory server and ask if domain\usern...@password is valid or not! (the syntax may be different but I guess you get what I mean).
Regards, SZ On Fri, Dec 17, 2010 at 7:26 PM, Arno Garrels <arno.garr...@gmx.de> wrote: > Fastream Technologies wrote: > > Hi Arno, > > > > On Fri, Dec 17, 2010 at 12:22 PM, Arno Garrels <arno.garr...@gmx.de> > > wrote: > > > >> Fastream Technologies wrote: > >>> Let's say the web server is listening on the IP 192.168.2.2. A > >>> virtual server is an Apache term for two domains on the same IP > >>> such as www.domain1.com and www.domain2.com . We want people who > >>> log on to domain1 to be authenticated against NTLMdomain1 and > >>> domain2 to NTLMdomain2. > >> > >> If you forward the request you have to forward the NTLM requests as > >> well, authentication happens on the destination server and the proxy > >> must not have membership in destination server's Windows domain. > >> > >> If the content is cached by the proxy and IF the proxy machine is a > >> member of destination server's Windows domain I strongly _guess that > >> it is not required to specify a domain target. Otherwise I guess that > >> IF the proxy is not a member of destination server's Windows domain > >> you have a problem that cannot be resolved easily. > >> > >> I wonder how you can sell a product with untested features. > >> I suggest that you first setup different domain environments and test > >> the product, you do not need much hardware for this, VMs will do. > >> I guess there are even trial versions of Windows server editions > >> available in case you don't have enough licenses. > >> > >> > > We have already downloaded trial Win2008R2. Let me elaborate our > > customers' needs: > > > > They want to authenticate the end users on the reverse proxy. I mean > > the web server will not have authentication on! The reverse proxy > > will first authenticate then connect to target web server and > > GET/POST/HEAD... Actually IQP already does all these but only to the > > AD domain the rproxy machine is logged on to. The customers have much > > more complex environments, with multiple domains etc. They need to > > have sales.company.com to be authenticated against the NTLM domain > > "sales" and support.company.com to be authenticated against the NTLM > > domain "support". The admin of the proxy will just assign the NTLM > > domains to the URL Rules (HTTP domain names in this example) and it > > should work--simply! > > Are there any other proxy servers with such a feature available? > I doubt that it is possible, but I'm not a specialist in Active > Directory. > > What might work, for instance, if "sales" was a child domain of parent > domain "company.com" and if clients authenticate with the domain > target in user name like "sales.company.com\username" or > "company.com\username", however even that depends on the domain > setup AFAIK. > > -- > Arno Garrels > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
