User Proxy Settings

Would you mind putting a few more words around your current login configuration and particularly around how folks are assigned credentials and log in and out, as this (ignoring the (I assume) web proxies entirely) looks like there are security issues here.

I don't care where the credentials are coming from; not right now.

How do folks log in? Your first posting implies some sort of session sharing. Are there unique users?

And what's the (web, I assume) proxy server here, and how does that authenticate?

Microsoft ISA can authenticate via various means including your mentioned AD, Kerberos and various LDAP schemes, which implies there's a problematic authentication means here or there's a misconfiguration of some sort. This particularly if the users are re-using previous credentials; that's (badness) occurring out at the ISA box.

I'm not an ISA expert, and I'm not at all current on Microsoft technologies. You might want to check in a more Microsoft-focused forum, and particularly search for discussions of operating ISA with Linux (yes, Linux), Unix, or Mac OS X clients; with non-Microsoft platforms.

Based on some digging, it looks like MCX might be your path forward if you want to get Mac OS X hard-wired with these and not go near the ISA box configuration; the 10.6 Proxies set-up does provide for proxy credentials, and the path into that storage (if you're auto-configuring) is usually via the user's input or via MCX.

This possibly in conjunction with the [WPAD proxy autoconfiguration|http://tips4macosx.blogspot.com/2009/07/use-web-proxy-auto-di scovery-in-safari.html] setting. (And there's an interesting thread [here|http://forums.isaserver.org/m 2002033963/mpage_1/key/tm.htm#2002033963] related to proxy authentication)

Check with the Microsoft ISA folks and forums, too. This can't be the first time they've encountered Linux (and I'd start there, with this question; most any "foreign" system OS will do for the purposes of the initial question) or Mac OS X boxes.

There is no problem with the ISA server. We have the same issue. The problem is that OSX server does not seem to allow you to add authentication settings when adding a Web Proxy to either users or machines.

We have introdued an XServe into our windows network recently and are having the same problem. The windows machines have a group policy to enforce the web-proxy authentication comes from their domain logon which they use to login into the machine.

Though our OD is bound to the AD and the users use their AD domain logons for the macs also, I can't find a way to auto-authenticate the users to the web-proxy. When they open a browser, because their machine or accounts are set to connect to WAN through the proxy, they get a request to authenticate.

Anyone know how to solve this problem?

Jimi,

We are currently facing the same dilemma. Macs authenticate via AD and are managed with the OD. I would be really curious if you have found a way around this. I tried to use WGM to set a Login option, using an item which was essentially the PAC file URL. WGM has an option to "Authenticate a selected share-point with the user's login name and password". This has worked in the past for mounting shares but not with auto authenticating a proxy. If you have any ideas I would greatly appreciate hearing them.