C
CHANGE USERNAME TO westes
I'm having some configuration issues with a Microsoft Proxy Server 2.0 that
I would like help resolving.
The proxy server is configured to authenticate each user request, and
permissions to reach the Internet for various protocols is granted only to
specific userids in the Windows domain. What we are noticing is that any
time we turn off NetBIOS over TCP, the proxy server cannot authenticate
*any* user. Is NetBIOS over TCP really required for Windows 2000
authentication? If not, how can we get authentication to work when NetBIOS
over TCP is turned off?
The most serious problem with leaving NetBIOS over TCP turned on for the
internal ethernet segment is that our firewall is seeing nbname requests
going out from our proxy server every time there is a traceroute from the
console of the proxy server. Apparently Windows tries to do an nbname
lookup prior to doing a DNS lookup using pure IP. Those requests are
getting routed to the external interface with the internal IP address of our
proxy server showing as the source ID on the packet!! Of course we can
trap those packets on the firewall and drop them, but I still don't want
them going out at all. Is there a trick to confining nbname lookups to
the internal interface and preventing those lookups from heading outbound on
the external ethernet segment of the proxy server?
I would like help resolving.
The proxy server is configured to authenticate each user request, and
permissions to reach the Internet for various protocols is granted only to
specific userids in the Windows domain. What we are noticing is that any
time we turn off NetBIOS over TCP, the proxy server cannot authenticate
*any* user. Is NetBIOS over TCP really required for Windows 2000
authentication? If not, how can we get authentication to work when NetBIOS
over TCP is turned off?
The most serious problem with leaving NetBIOS over TCP turned on for the
internal ethernet segment is that our firewall is seeing nbname requests
going out from our proxy server every time there is a traceroute from the
console of the proxy server. Apparently Windows tries to do an nbname
lookup prior to doing a DNS lookup using pure IP. Those requests are
getting routed to the external interface with the internal IP address of our
proxy server showing as the source ID on the packet!! Of course we can
trap those packets on the firewall and drop them, but I still don't want
them going out at all. Is there a trick to confining nbname lookups to
the internal interface and preventing those lookups from heading outbound on
the external ethernet segment of the proxy server?