miggel
Goto Top

Sicherheitszertifikat - Abfrage umgehen? Einstellung der Firewall?

Moin Admin´s & Co

Hab hier grad mal ein Problem. Haben seit einem Monat die Kerio Winroute Firewall installiert in unserem 30 Clients-Netzwerk.

Seit dem bekomme ich an jedem Client der Internet Zugang hat eine Sicherheitszertifikatabfrage die zur Verzögerung der Erst-Verbindung beiträgt.

Die Clients benutzen den Internet explorer 6.0, System: Win XP pro

Siehe screenshot ---->
770eddfb4eb39b92a25e5287698c4561-abfrage


Ich möchte diese gerne umgehen, ausschalten.

Habe folgenden auszug des Handbuchs gefunden :

23.3 Automatic user authentication using NTLM
WinRoute supports automatic user authentication by the NTLM method (authentication from Web browsers). Users once authenticated for the domain are not asked for username and password.

This chapter provides detailed description on conditions and configuration settings for correct functioning of NTLM.

General conditions
The following conditions are applied to this authentication method:

WinRoute Firewall Engine is running as a service or it is running under a user account with administrator rights to the WinRoute host.

The server (i.e. the WinRoute host) belongs to a corresponding Windows NT or Kerberos 5 (Windows 2000/2003) domain.

Client host belongs to the domain.

User at the client host is required to authenticate to this domain (i.e. local user accounts cannot be used for this purpose).

The NT domain / Kerberos 5 authentication method (see chapter 13.1 Viewing and definitions of user accounts) must be set for the corresponding user account under WinRoute. NTLM cannot be used for authentication in the internal database.

WinRoute Configuration
NTLM authentication of users from web browsers must be enabled in Users → Authentication Options. User authentication should be required when attempting to access web pages, otherwise enabling NTLM authentication is meaningless.


9c448c7379918e3ba16784744bfab9bc-ntlm-settings


The configuration of the WinRoute's web interface must include a valid DNS name of the server on which WinRoute is running

9c99f21a9e6ddd33d786f423f7e4b4d3-wwwintparams

Web browsers
For proper functioning of NTLM, a browser must be used that supports this method. By now, the following browsers are suitable:

Microsoft Internet Explorer version 5.01 or later

Firefox, Netscape, Mozilla or SeaMonkey with the core version Mozilla 1.3 or later

NTLM authentication process
NTLM authentication process differs depending on a browser used.

Microsoft Internet Explorer
NTLM authentication is performed without user's interaction.

The login dialog is displayed only if NTLM authentication fails (e.g. when user account for user authenticated at the client host does not exist in WinRoute).

Warning: One reason of a NTLM authentication failure can be invalid login username or password saved in the Password Manager in Windows operating systems (Control Panels → User Accounts → Advanced → Password Manager) applying to the corresponding server (i.e. the WinRoute host). In such a case, Microsoft Internet Explorer sends saved login data instead of NTLM authentication of the user currently logged in. Should any problems regarding NTLM authentication arise, it is recommended to remove all usernames/passwords for the server where WinRoute is installed from the Password Manager.


Habe mehrere Versuche gestartet, alles neagtiv.

Bin nicht der fitteste in english verfassten Handbüchern!

Bin um jede Hilfe dankbar!

MfG Miggel

Content-ID: 46147

Url: https://administrator.de/forum/sicherheitszertifikat-abfrage-umgehen-einstellung-der-firewall-46147.html

Ausgedruckt am: 22.12.2024 um 22:12 Uhr

36539
36539 01.06.2007 um 12:55:33 Uhr
Goto Top
Hallo,
Die Clients benutzen den Internet explorer 6.0, System: Win XP pro
alles inkl. dem SP 2?

gruß
Miggel
Miggel 04.06.2007 um 13:28:59 Uhr
Goto Top
Richtig!

Auf dem Sever läuft Win SRV 2003...

schon ne ahnung?