Is NetBIOS Over TCP Required For Authentication?

From: CHANGE USERNAME TO westes (DELETE_westes_at_earthbroadcast.com)
Date: 03/09/04 

Date: Tue, 9 Mar 2004 03:16:26 -0800

I'm having some configuration issues with a Microsoft Proxy Server 2.0 that
I would like help resolving.

The proxy server is configured to authenticate each user request, and
permissions to reach the Internet for various protocols is granted only to
specific userids in the Windows domain. What we are noticing is that any
time we turn off NetBIOS over TCP, the proxy server cannot authenticate
*any* user. Is NetBIOS over TCP really required for Windows 2000
authentication? If not, how can we get authentication to work when NetBIOS
over TCP is turned off?

The most serious problem with leaving NetBIOS over TCP turned on for the
internal ethernet segment is that our firewall is seeing nbname requests
going out from our proxy server every time there is a traceroute from the
console of the proxy server. Apparently Windows tries to do an nbname
lookup prior to doing a DNS lookup using pure IP. Those requests are
getting routed to the external interface with the internal IP address of our
proxy server showing as the source ID on the packet!! Of course we can
trap those packets on the firewall and drop them, but I still don't want
them going out at all. Is there a trick to confining nbname lookups to
the internal interface and preventing those lookups from heading outbound on
the external ethernet segment of the proxy server? 

-- 
Will
westes AT earthbroadcast.com

Relevant Pages

  • Re: Question - Can I force a machine to use a specific DC for Authentication
    ... HODC1 is Schema owner, Domain role owner, PDC role,RID pool manager and GC ... AD sites and services setup is fine and all replication is working (our AD ... authentication of the user and the proxy server happens at different boxes, ... hence I want to force the proxy to authenticate to HODC1. ...
    (microsoft.public.windows.server.general)
  • Re: Question - Can I force a machine to use a specific DC for Authentication
    ... Normally it doesn't matter which DC's is used, when your replication between the DC's is running correctly. ... Please describe your network setup, how many sites, how are they connected, how many DC per site and how you setup your DNS. ... The prtoblem appears to be that the proxy server ... using a remote DC to Authenticate. ...
    (microsoft.public.windows.server.general)
  • authentication using CredentialCache against proxy server problem
    ... I'm not able to authenticate against proxy server when I try to pass an ... SoapHttpClientProtocol instance. ... The way using CredentialCache works well against IIS hosting my webservice, ... but not proxy server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Synchronisation Connection - Proxy Blues
    ... There's no way to authenticate with a proxy server through the ... SqlCeReplication object. ... What I can't do is to access the proxy server settings on the device to ...
    (microsoft.public.sqlserver.ce)
  • Re: load balancing metrics
    ... For Application Redirection, these metrics have different algorithm ... all requests for a specific IP ... the bandwidth of your Internet access and resource of a proxy server ...
    (comp.dcom.sys.nortel)