Microsoft KB Archive/245237

= Configuration to Enable the Netscape Browser Program to Function Properly in a Proxy 2.0-Based Environment =

Article ID: 245237

Article Last Modified on 6/30/2004

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition
 * Microsoft Internet Information Server 4.0
 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q245237



SUMMARY
The Netscape browser program does not support NT Challenge/Response (NTLM) authentication. To function in a Microsoft Proxy 2.0-based environment where access control is in use, you must use a special configuration on the Internet Information Server (IIS). This article describes the configuration required to enable the Netscape browser program to function effectively in a Proxy 2.0-based environment.



MORE INFORMATION
There are situations where Microsoft Proxy server may be implemented in an all Netscape browser environment, or in a mixed Internet Explorer/Netscape browser environment. Proxy server works transparently in an all Internet Explorer environment with the default security settings for the default Web site in IIS. The default authentication methods are:
 * Allow Anonymous Access
 * Windows NT Challenge/Response

Netscape is unable to use NTLM and requires that Basic Authentication be enabled on the default Web site.

How Proxy server is implemented in an Enterprise environment where access control is enabled is also critical. There are three ways to implement Proxy server:
 * 1) Stand-alone server which is not a member of a Domain. In this case the Proxy server would use its local accounts database to verify access rights for users trying to use proxy services.
 * 2) Member server in a domain. In this case Proxy server would contact a domain controller to verify user access rights.
 * 3) Member server in a separate trusted domain. In this case the proxy server would pass the request to the primary domain controller (PDC) of the domain where the Proxy resides. The PDC would contact the PDC in the trusted domain to verify the credentials of the user and then pass them back.

With Basic Authentication implemented on the default Web site, a user running the Netscape browser must manually configure the browser to refer to the Proxy server for Web Proxy services. Note that proxy server settings are configured under Preferences in Netscape:  On the Edit menu, click Preferences. Expand the Advanced section, and then click Proxies. Under Manual proxy configuration, check the appropriate selection, and then click View. Complete the appropriate boxes with the address of the proxy server and the appropriate port number. It is recommended that only those services that are required be filled in and the others left blank. Complete the Exceptions section as required. Automatic proxy configuration requires that the URL pointing to the configuration script on the proxy be entered. The default location is

http:// :80/array.dll?Get.Routing.Script

where  is your server name. If the Winsock Proxy Client has been installed, the location for the Automatic Configuration Script is there under the [Common] section.</ol>

To facilitate the authentication process and to cover all three of the scenarios for deploying proxy, it is recommended that on the default Web site a specific entry be placed in the Basic Authentication Domain box. If the box is not filled in, Proxy will default to its own domain or to local SAM database. If a backslash character (\) is placed in the box, proxy will attempt to validate a user against its local SAM, its own domain and any trusted domain; this is the recommended entry for the domain. If the entry is left blank and a user from a trusted domain is unable to gain access by just entering a user name and password at the login prompt, then the format domain\user_name should be used. Note that this assumes the user has been granted access rights to the service in Proxy. Also, every user\group must be granted the "log on locally" permission as documented in the following article in the Microsoft Knowledge Base:

218484 Netscape Users Cannot Gain Access to Proxy

At this point Netscape should function properly. If it does not, disable access control, and then test. If it then functions properly, you may be experiencing a permissions or rights issue, and your troubleshooting should be based on this.

Additional query words: basic security

Keywords: kbhowto kbenv kbfile KB245237

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.