Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Proxy authentication problems for local, non-domain account

Posted on 2007-07-24
19
Medium Priority
?
673 Views
Last Modified: 2008-03-06
Hello,

When I login to my account which is defined on our corporate domain I find no problem connecting any software to the Internet after configuring it to go through our HTTP proxy, but when I login to an account that only exists locally on my PC I have to provide my domain user name and password to any proxy definition besides the IP and port, and here I encounter two problems:

1. Like the case in FlashGet, it keeps telling me that authentication failed on the proxy despite the fact that I provided the right values (I tested them successfully on other software like NOD32).
2. Some software just don't allow you to enter user name and password to proxy definition (the connection won't go of course)

Now my question is: isn't there a way to tell Windows that when any software tries to connect to the proxy the authentication credentials should be supplied automatically along with the proxy definition (IP and port)? Did anybody experienced the same situation I face with FlashGet and can explain why it's unable to authenticate against the proxy?

Thanx.
0
Comment
Question by:ymasri
  • 12
  • 6
19 Comments
 
LVL 31

Expert Comment

by:merowinger
ID: 19555823
Create a rule in your Proxy which allow Anonymous Access on this port which those program uses!
0
 
LVL 12

Accepted Solution

by:
zoofan earned 500 total points
ID: 19560000
I might suggest installing the MS firewall Client.  Which will allow you to configure account credentials with the proxy configuration



zf.
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19560039
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 

Author Comment

by:ymasri
ID: 19563520
merowinger,

Unfortunately there is a policy here that prevents doing this. Good suggestion anyway.

zoofan,

I'm using ZoneAlarm firewall on WinXP.  I'm not sure if we can use that instead of using the MS firewall client, do you know how to utilize ZA to do the same thing?
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563547
Actually they do two different things,  ZA allows and blocks access to the network from applications,  the MS fw client captures all applications request for network access and directs them to the proxy instead of using the configured default gateway and dns(non geek terms, its a system wide proxy setting).  Zone alarm would stay put and will need to be configured to allow the fw client out.

Hope this makes sense.

More help if you need it.

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19563563
The FW client IS NOT a firewall,  it is an interface to the the Firewall(in this case the proxy/ISA)

zf
0
 

Author Comment

by:ymasri
ID: 19564403
Alright, I installed the ISA client and it indicated to me it's connected (the up green arrow), but when I configured FlashGet to use a direct connection (without proxy because the ISA client should pipe it to the proxy), I could not connect to the site.

Also I noticed that the ISA client did not ask for user and password, how it will pass anything to the proxy without authentication?!

Thanks
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19564468
Did you configure the FW cleint settings on the server?  

Excellent tutorial on the FW

http://www.isaserver.org/articles/2004olpop3smtp.html

and site a great resource for isa

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19564517
Also may need to note

http://support.microsoft.com/kb/323457


zf
0
 

Author Comment

by:ymasri
ID: 19564916
Yes, as I said the client is connected now.

I tried to execute:

FwcCreds flashget.exe /s <username> <domain> [password]

and checked it using:

FwcCreds flashget.exe /r

and the new credintials were successfully configured, but the same problem exists; FlashGet just can't connect to the destination. Any ideas?
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19564973
One more at the mooment, still looking into Flashget

Did you restart all the services for ISA,  any changes made on that end should always be followed up with a service restart.


zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19565033
Which protocols have you configured FlashGet to use? and do you have protocol rules set up to allow that traffic and content is ISA?.


zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19565042
I assume youve read and tried this?

http://www.flashget.com/en/faq002.htm


zf
0
 

Author Comment

by:ymasri
ID: 19565112
ISA services? should that be from the ISA server itself?

I really appreciate your efforts with me.  I just can't imagine the moment when my download manager starts to work.

Awaiting for anything on FG
0
 

Author Comment

by:ymasri
ID: 19565146
So what I have to do now is enabling basic authentication on the ISA server itself right?
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19565160
ISA service can be restarted remotly with admin rights,  computer managment,  but yes all intensive purposes at the server,  either in the service managment or the ISA console server/monitering/services right click stop and the start.

Restart both the "web" and "Firewall" services.


I agree and hope that to all the efforts of us both it works!!

I do need to step out for a bit but will check back with you.l

zf
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19565180
Am not sure Id be in a hurry to do that as it forces sending username and passwords over the network unencrpyted.

When I get to work i will load FlashGet on a test box and run it behind my ISA server if you havnt got it going by the time I get back.

zf
0
 

Author Comment

by:ymasri
ID: 19565483
I'm getting away from the question's scope, I'm tried DAP and it's making a direct connection without authentication or even proxy information at all.

Thanks chum for the great solution.
0
 
LVL 12

Expert Comment

by:zoofan
ID: 19565494
Glad I could help some,


zf
0

Featured Post

Choose an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question