Fastream Technologies wrote:
> Hi Arno,
> On Fri, Dec 17, 2010 at 12:22 PM, Arno Garrels <>
> wrote: 
>> Fastream Technologies wrote:
>>> Let's say the web server is listening on the IP A
>>> virtual server is an Apache term for two domains on the same IP
>>> such as and . We want people who
>>> log on to domain1 to be authenticated against NTLMdomain1 and
>>> domain2 to NTLMdomain2.
>> If you forward the request you have to forward the NTLM requests as
>> well, authentication happens on the destination server and the proxy
>> must not have membership in destination server's Windows domain.
>> If the content is cached by the proxy and IF the proxy machine is a
>> member of destination server's Windows domain I strongly _guess that
>> it is not required to specify a domain target. Otherwise I guess that
>> IF the proxy is not a member of destination server's Windows domain
>> you have a problem that cannot be resolved easily.
>> I wonder how you can sell a product with untested features.
>> I suggest that you first setup different domain environments and test
>> the product, you do not need much hardware for this, VMs will do.
>> I guess there are even trial versions of Windows server editions
>> available in case you don't have enough licenses.
> We have already downloaded trial Win2008R2. Let me elaborate our
> customers' needs:
> They want to authenticate the end users on the reverse proxy. I mean
> the web server will not have authentication on! The reverse proxy
> will first authenticate then connect to target web server and
> GET/POST/HEAD... Actually IQP already does all these but only to the
> AD domain the rproxy machine is logged on to. The customers have much
> more complex environments, with multiple domains etc. They need to
> have to be authenticated against the NTLM domain
> "sales" and to be authenticated against the NTLM
> domain "support". The admin of the proxy will just assign the NTLM
> domains to the URL Rules (HTTP domain names in this example) and it
> should work--simply! 

Are there any other proxy servers with such a feature available? 
I doubt that it is possible, but I'm not a specialist in Active 

What might work, for instance, if "sales" was a child domain of parent
domain "" and if clients authenticate with the domain 
target in user name like "\username" or 
"\username", however even that depends on the domain
setup AFAIK.

Arno Garrels 

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to