Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Communicating with Microsoft Proxy Servers Network
Like a lot of OS X users on NT or Windows 2000 with ISA Server, I had a problem with authenticating behind a MS Proxy Server. Every time I used Explorer, I had to authenticate my user name and password. On top of that, programs like Software Update, Quicken and Watson could not communicate correctly.

Our IT person found that the Mac was not creating a session with the Proxy Server even though Macs were supposed to be able to communicate as a secured NAT client. However, there is a simple work around that has corrected these problems.

On the Proxy server, allow the leased or static IP address for the Mac to fully "open up" to the proxy. This allows the Mac to communicate directly with the Proxy, thus allowing the Mac to communicate as a secured NAT client. Once this happens, all the programs communicate with the Proxy Server and they no longer have to authenticate with every use. Since we have done this, I have not had to authenticate Explorer.

Thought that this might be of service to someone.
    •    
  • Currently 2.25 / 5
  You rated: 3 / 5 (4 votes cast)
 
[6,224 views]  

Communicating with Microsoft Proxy Servers | 5 comments | Create New Account
Click here to return to the 'Communicating with Microsoft Proxy Servers' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
what does
Authored by: rwintheiser on May 17, '02 04:52:42PM

I don't always have problems with my proxy server but sometimes.... whew! As a non IT person, which needs to help my IT guys, what does Open Up the proxy mean?

TIA



[ Reply to This | # ]
what does
Authored by: mgmcotton on May 24, '02 11:20:41AM

Sorry for the confusion in terms but that is how our IT guys talk. So here is , what I hope, is a clearer explanation. Go to the ISA Server Management program. Under Access Policy add the Mac Users identity.

Under Action Tab check allow
Under Protocol Tab Rule Applies TO ALL TRAFFIC
Under Schedule set up for always
Under Applies check Client Sets Specified Below then
add user under Client Sets and

Then highlight user and add I.P address From and to . ie. 10.0.0.200 is set: From 10.0.0.200 to 10.0.0.200.

Then apply.

The problem is that Macs do not access the Proxy Server as a client thus the Proxy Server does not allow all traffic from the Mac. This way the Proxy Server is told to allow the computer user with the set ID and IP address to communicate with the Proxy Server. Thus if one has a desktop and a notebook, an id on Access Policy for each computer. This is because both the Desktop and Notebook cannot have the same user name or IP address.

Hope this clears up my first email.



[ Reply to This | # ]
what does
Authored by: PStratford on Jun 19, '02 07:48:19AM

Urk. That would worry me immediately.
I would recommend that anyone running OS X with the ports open on ISA should responsibly lock down there Mac using Brickhouse or one of the other firewall utils.
Although ISA is very good and will repel most attacks you are significantly increasing your machines availabilty.

It may be worth asking your tech guys if you actually have to have ISA set up to validate it's users on your internal network (you may have a good operational reason for this). If not then instead of having everything wide open there could still be a Mac Users client set but with access restricted to everything but the protocols that are needed (probably only http, ftp, sntp and pop/smtp/imap if you're getting external mail).
Trivial to set up for your ISA techie.



[ Reply to This | # ]
Communicating with Microsoft Proxy Servers
Authored by: zellpharm on May 02, '04 10:57:03PM

I thought I would add in my $.02 worth here. I know this article is a bit old but anyone searching for the solution just might end up reading this.

So here goes:

You CAN authenticate again an MS proxy server in any application that will ask for the at least the username password. Internet Explorer has an NTLM module built-in that will allow you to authenticate with username, password and domain. This last bit is the real clincher. How do you authenticate to a domain with only a username/password dialog?

Solution:

Enter your domain as part of the username like this:
domain\username

Problem solved.

In Mac OS X Panther, Apple was added authentication to proxy servers down to the network level where it belongs. The same trick applies to Panther for domain authentication. Eventually Apple will probably add NTLM authentication (send them that feedback!) but in the meantime this works.



[ Reply to This | # ]
Communicating with Microsoft Proxy Servers
Authored by: NigelOvens on Feb 10, '05 08:46:23AM

I wish this DID solve the problem. Neither Safari, nor any iApp will work over our MS network. I have tried every permutation of DOMAIN\username,
DOMAIN/username, username@domain.com .net .co.uk .org .sch.uk and so and to NO avail.

I have to use FireFox because at least it asks me for my username and password, which Safari does not.

Nigel



[ Reply to This | # ]