https://community.cisco.com/t5/application-networking/ldap-authentication-transparency/m-p/211422#M2769 <HTML><HEAD></HEAD><BODY><P></P><P>No, basically the answer is Internet Explorer supports the use of pass through NTLM from the base operating system (XP/2000), no such method exists for LDAP (ADS) as it relies on the Kerberos tokens being issues and recognised by the the proxy device which the CE's currently don't support. You can do LDAP/ADS authentication if your using websense on box by relying on the Websense LDAP/ADS authentication which does work.</P><P></P><P>I did a fare amount of digging on this before I recieved confirmation that its not supported. The other potential gotcha is 2003 Server uses NTLMv2 by default if you plan on using that root. In the end my customer was happy to stick with the popup box as a potential security measure.</P><P></P><P>Mark</P></BODY></HTML> Wed, 31 Mar 2004 14:28:27 GMT mark.duffy 2004-03-31T14:28:27Z https://community.cisco.com/t5/application-networking/ldap-authentication-transparency/m-p/211421#M2768 <P>Hi does anyone know if the content engine allows users to transparently authenticate using ldap through the browser. The NTLM method states that you can log onto a domain and web requests willbe authenticated without popup windows. Can you get the same to work with LDAP?</P><P></P><P>I have LDAP working at the moment as it authenticates users all the time. But I would like it only to popup a window if a user has not logged onto the domain.</P> Mon, 29 Mar 2004 12:46:27 GMT https://community.cisco.com/t5/application-networking/ldap-authentication-transparency/m-p/211421#M2768 adrian.watmough 2004-03-29T12:46:27Z https://community.cisco.com/t5/application-networking/ldap-authentication-transparency/m-p/211422#M2769 <HTML><HEAD></HEAD><BODY><P></P><P>No, basically the answer is Internet Explorer supports the use of pass through NTLM from the base operating system (XP/2000), no such method exists for LDAP (ADS) as it relies on the Kerberos tokens being issues and recognised by the the proxy device which the CE's currently don't support. You can do LDAP/ADS authentication if your using websense on box by relying on the Websense LDAP/ADS authentication which does work.</P><P></P><P>I did a fare amount of digging on this before I recieved confirmation that its not supported. The other potential gotcha is 2003 Server uses NTLMv2 by default if you plan on using that root. In the end my customer was happy to stick with the popup box as a potential security measure.</P><P></P><P>Mark</P></BODY></HTML> Wed, 31 Mar 2004 14:28:27 GMT https://community.cisco.com/t5/application-networking/ldap-authentication-transparency/m-p/211422#M2769 mark.duffy 2004-03-31T14:28:27Z