Single sign on via network connection



  • 1. Internet Lock locks out Lan on ZoneAlarm Pro 4.0
    Hi, When the Internet Lock on ZoneAlarm Pro 4.0 is enabled, it not only locks out the Internet but the LAN connection too. I thought this was a bug in Ver 3 which was corrected in Ver 4.0. Any suggessions? Thanks in Advance. Derek
  • 2. Blocking IP Addresses in Real Time
    I am looking for a way to Block / Allow in coming IP address to a PC. Now this can be done with all the firewall software / hardware. But my problem is that I need to go in and manually configure the rules, reboot the machine etc etc. This is not practical when 1000's of allow / block request has to done in a day. Is there a firewall software or hardware that I can send a SNMP message and set the rules, even better would be a http post or socket call etc. Thanks Jay
  • 3. CheckPoint FW-1 NG stopped logging
    Hi, During the weekend our firewall (Nokia IP440 Checkpoint NG) stopped logging to disk. The last 2 lines the log indicated a full disk was the reason and "All log clients are disconnected". How do I get the firewall to start logging again (i freed up enough space). Please tell me I don't have to restart the firewall. Regards, Raymond Zwarts

Single sign on via network connection

Postby josch67 » Fri, 14 Jul 2006 01:08:03 GMT

Hi there,
I have a single sign on issue using windows xp and internet explorer.

Under normal circumstances, my computer is connected to our local area
network. My computer is part of our active directory structure and my
username also belongs to the active directory.
When I start internet explorer and navigate to our intranet, I will be
identified and authenticated by this website via a single sign on
mechanism. (With my username, I am logged on with). And everything
works fine!

Now assume, that I am on business trip. I am not connected to the LAN
and therefore logged on by my cached profile on my computer. (Same
username as before). Then I connect my computer to an external provider

by setting up a network connection with an appropriate username and

Additionally I set up a VPN tunnel to the LAN of my company.

Now, when I start the internet explorer and navigate to the
intranet-web-page, the single sign on fails and I will be promted with
an authentication window.
And the strange thing is, that the username which is already placed
within the form, isn't the username I am logged on with (my cached
profile), but the username of the network connection I need to connect
my computer to the external provider.

I already did some searches within the filesystem and the registry, but

I nowhere found this username...
And I also had absolute no idea, how to configure my windows in the way

to use my username I am logged on with, instead of this username which
belongs to the network connection.

I would be more than happy, if somebody could give me a hint... !!!!

Thanks in advance, 

Re: Single sign on via network connection

Postby Sebastian Gottschalk » Fri, 14 Jul 2006 02:12:07 GMT

Single Sign-On is an issue for itself, as well as MSIE is.

The mysteries of NTLM authentication will never be uncovered. Oh wait,
there's some documentation telling exactly why it is so...

Sadly, no one ever remembers RTFM.

Re: Single sign on via network connection

Postby josch67 » Fri, 14 Jul 2006 21:36:14 GMT

The reason, why I ventured to asked, is exactly because I didn't find
any hint or solution in the documentations I dispose of. (Searching MS
Technet articles primarily)

And as far as I can judge, I just asked in a friendly manner.
So if there are some people who probably think "what kind of stupid
things this guy is asking" just do not reply! Save your time for
writing and my time for reading things who doesn't help either the
writer nor the reader...

But I would be still more than happy if someone could give me a hint
(also just a hint which documentation probably could help)!

Thanks in advance,

Sebastian Gottschalk schrieb:

Re: Single sign on via network connection

Postby Sebastian Gottschalk » Fri, 14 Jul 2006 21:41:01 GMT

The problem is that you're first authenticating locally and then just
tunneling to your network. What you actually need is to login remotely,
f.e. with Remote Desktop.

And you should stop depending on NTLM authentication for webbrowsers.
The implementation in Mozilla/Firefox sucks, Opera doesn't support it at
all, and MSIE is totally {*filter*}ed up about any HTTP authentication scheme.

Re: Single sign on via network connection

Postby Duane Arnold » Fri, 14 Jul 2006 21:42:07 GMT

Is there something wrong with asking your support people at your job for 
help? Why are you not asking someone there for help?

Duane :) 

Re: Single sign on via network connection

Postby Duane Arnold » Fri, 14 Jul 2006 21:55:13 GMT

The Web server is making you authenticate your credentials. I would 
assume that it knows the difference between a machine that is physically 
on the  LAN on the Intranet trying to make the connection to the Web 
server as opposed to you doing it remotely through some VPN connection 
and you're not really on the trusted LAN domain, with the connection 
being made over the Internet.

In any event, you should be asking your support people at your job as to 
why it is so.

Duane :)

Re: Single sign on via network connection

Postby Volker Birk » Fri, 14 Jul 2006 23:19:48 GMT

The complete behaviour depends on your network setup. What are you doing

"Alles geht allen, nur meins geht mir."

Patricia Bednar er Kommunismus

Re: Single sign on via network connection

Postby josch67 » Wed, 26 Jul 2006 22:12:35 GMT

Hi all,

I just found a microsoft technet article which desribes the problem.
(Including an appropriate solution).


Thanks for all tips anyway!


Volker Birk schrieb:

Return to firewall


Who is online

Users browsing this forum: No registered users and 52 guest