Hi,
I am a bit confused. I did test with Access Policy assigned to SWG-Explicit type profile.
In policy I have HTTP 407 Response object
From test:
- Profile with NTLM Auth Configuration: None
- HTTP 407 Response: basic
Result: All users (connected to domain and not connected) will get authentication popup when first connecting to proxy
- Profile with NTLM Auth Configuration: my ntlm profile
- User Identification Method: tested both IP and Credentials - no difference
-
HTTP 407 Response: basic+negotiate
- basic branch pointing to AD Auth
- negotiate to NTLM Auth Result
Result: Both user connected to domain and not connected cen't access web sites. Auth popup is displayed again and again. Looking at user not connected to domain I can see attempt to use NTLM, in APM logs I can see error that user@computername do not exist - what is of course correct.
So either my policy is wrong, or it's not possible to use HTTP 407 Response: basic+negotiate for NTLM, only for Kerberos - no NTLM Auth Configuration set in profile.
Piotr