On 9/13/04 7:48 PM, "bruce" <[EMAIL PROTECTED]> wrote:

> We tested this this morning... had to use wdn/username with an older
> version of MSIE under OS9... wouldn't work otherwise.
> In order to connect to the student server WEB site using Safari
> I had to use wdn/username as well. This is different to the
> authentication process that is needed to connect to the proxy. Can't
> remember which was around that is and can't test because I am currently
> outside the network but I seem to remember it was the same for Safari
> but under IE a separate Windows Domain Name option popped up.
> 
> 
> Just to review our settings for AUTHOXY...
> ..The Authoxy proxy -> settings are JUST username password
Yes
> ..Prompt for credentials is NOT enabled
Yes
> ..Remote Proxy Details are
> ..Use this server -> 172.16.1.1 Port 80 Note the use of the IP address
> ..not a name that must be resolved. Your address will be 10.2.0.2
Yes, 10.2.0.2:8080
> ..Authoxy in this case is set to run on port 8080.
I am set up for 8081, just to be sure there's no conflict
> ..By the way  under normal use we don't write debugging info.
Right
> 
> 
> The NTLM section
> ..ENABLED
Yes
> ..Just the Windows Domain Name - in our case "curriculum"
Main
> ..Host/workstation 172.16.1.1 (again yours will be 10.2.0.2)
10.2.0.2
> 
> Thats all for authoxy
> 
> 
> In your NETWORK settings -> TCP/IP, you will be using Manual IP address
> from memory 10.2.0.x where x is neither 1 nor 2 !!!
My fixed IP address is 10.2.2.44
> the mask should be 255.0.0.0, or perhaps 255.255.0.0, try the first one.
255.255.248.0, I'll try 255.255.0.0.....same delay
> The router will be 10.2.0.2
Yes
> 
> TAKE OUT THE DNS ENTRY all together..
OK...same delay (each time I change something in Authoxy I am stop/starting
it, each time I change Network I am "apply"ing)
> OR try putting 10.2.0.2 before the DNS entry of 10.2.0.1
Same delay
> OR deleting 10.2.0.1
Same delay

> 
> I agree with your Admin chap. this does and has always sounded like
> a DNS timeout, but why and whats causing it is the question because
> at this stage, you shouldn't be interacting with a DN server.
> 
> Just as a matter of interest, is your domain name server (10.2.0.1)
> a Windows or Unix/Linux machine. This is important if the Windows

Windows

> Name Server is trying to validate your name and update itself ( a stupid
> and dangerous windows option that everybody else bans) and the updating
> process is trying to check to see if you have already authenticated before
> you have actually successfully authenticated... In this case I
> would take out your link to the domain name server altogether and if
> necessary put a domain name server from the outside world in its place.
> This action by definition will force all DNS transactions out through the
> proxy
> server which is what you want. Try 203.50.2.71 in the DNS entry...

With the outside DNS server, the delay persists, but it still went through
OK. Which actually I was surprised at that, because I thought all IP access
was proxied for us, including DNS... I'll check on that.

--Steve

> this is a large main DNS server within the major Telecoms company here in
> Australia and should be fast enough to test with. A local one will
> be quicker but only by a few millseconds assuming that the piece of wire
> between the US and Australia is intact!!!
> 
> Must get back to work.
> 
> Cheers,
> Bruce.
> 
> 
> 
> 
>> If I use MBBC/username, the authentication does NOT go through. If I just
>> use username, it goes through, albeit with a delay. Successful
>> authentication or not, there's a delay at Step 2.
>> 
>> Is it possible that Authoxy is not reading my "bypass these domains"
>> settings (one of which is 10.2.0.*) in the Network control panel for part of
>> Step 2, and it's waiting for some non-essential connection (DNS?) to occur,
>> and when the connection times out (120 seconds), it just proceeds on with a
>> successful proxy connection? My DNS server is 10.2.0.1 (specifically entered
>> in my Network control panel), and the proxy server is 10.2.0.2. My sysadmin
>> said it sounded like a possible DNS server timeout.
>> 
>> It's curious that almost anything entered in the NTLM window for Domain
>> (even something nonsense like "lklkjlkj") will still allow a successful
>> proxy connection, as long as it's not blank. If Domain _is_ blank, I get "No
>> authentication challenge in NTLM authentication Step 4. Giving up."
>> Host/workstation seems totally irrelevant, whether blank or not blank.
>> 
>> OK that's enough sleuthing for today, gotta get back to work.
>> 
>> --Steve
>> 
>> 
>> On 9/12/04 5:48 AM, "bruce" <[EMAIL PROTECTED]> wrote:
>> 
>>> Using Safari, the girls at our school have to login using the following
>>> format,
>>> 
>>> WindowsDomainName/UserName
>>> password
>>> 
>>> Is this the format that you are using?
> 
> 
> 

Reply via email to