Firewall Wizards mailing list archives
Re: NTLM authentication from DMZ
From: Volker Tanger <volker.tanger () discon de>
Date: Tue, 17 Sep 2002 13:36:53 +0200
Greetings!
miha () nil si wrote:
> I am trying to set up a WebSweeper proxy in the DMZ, and enable NTLM authentication on it. Since it is not a server in the domain, I guess it needs to communicate with a DC, so it can authenticate the users as they request pages from the proxy.
You need to make the WebSweeper a member of the WinNT-Domain in the LAN. For this you need NBT (nbname / nbsession) plus probably MS-RPCs for SAM sync (not sure on the latter) in both directions. As the DMZ probably is a separate (non-broadcast) network you'll need a WINS server in the LAN.
Basically having NTLM auth from DMZ is not such a good idea. Better place an MS-Proxy/ISA in your LAN for authentication and cascade this to the (then unauthenticated) WebSweeper in the DMZ. This way you can leave the DMZ machine (more or less) completely separated.
Bye
Volker Tanger
IT-Security Consulting
--
discon gmbh
Wrangelstraße 100
D-10997 Berlin
fon +49 30 6104-3307
fax +49 30 6104-3461
volker.tanger () discon de
http://www.discon.de/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards