Windows 7, Proxy by PAC, NTLM authentication

MadFurai
Posts:18
Joined:Tue Oct 18, 2011 10:05 am
Windows 7, Proxy by PAC, NTLM authentication

Post by MadFurai » Thu Nov 03, 2011 7:33 am

I'm having a strange problem with Integrated Windows Authentication and FM Firefox CE 7.0.1. We have intranet sites that seem to work fine. They get the NTLM information and we are never prompted for username or password. However, we also use an automatic proxy script (PAC file) for internet access and the IWA isn't working using FM Firefox CE 7.0.1 and Windows 7. It works fine with the same exact settings for Windows XP machines, AND it works fine on Windows 7 machines if you use IE with the same exact PAC script. I know this might not be directly caused by the FMFirefoxCE package, but I have googled this problem for days with no leads at all. It appears that it has to be related to how Firefox reads the PAC script, since Internet Explorer works fine on the same machine.

MHX
Posts:32
Joined:Thu Oct 06, 2011 1:55 am

Re: Windows 7, Proxy by PAC, NTLM authentication

Post by MHX » Thu Nov 03, 2011 9:43 am

I had similar problems with Firefox network settings (not related to a specific version, it was Firefox 4 I first tested it with, was the same with Firefox 5, and I guess that it might still be the same with the latest version). In our case it was not a PAC file as we do not use it, but I thought that I could say "Use system settings" (or similar as I don't know the original English text) in network tab so that I do not have to configure everything for Firefox, too. But the proxy override list ("do not use proxy for...") configured in Windows/Internet Explorer was not used. That is why we switched back to manual configuration for the network settings. So, only with manual configuration Firefox works in all cases, it seems. I second this that it probably is a general Firefox problem, not a FirefoxCE problem.

MadFurai
Posts:18
Joined:Tue Oct 18, 2011 10:05 am

Re: Windows 7, Proxy by PAC, NTLM authentication

Post by MadFurai » Thu Nov 03, 2011 10:53 am

In my case, I have narrowed it down to actually having something to do with the commands written in our PAC script. I verified this by pointing Firefox CE to a different PAC script that is much simpler with fewer commands. I can't tell you which commands are failing yet.

I also don't understand why the same commands work fine on a Windows XP box with the same exact version of Firefox CE and the same GPO settings. It seems to be related to how Firefox CE and Windows 7 interact, because Internet Explorer and Windows 7 don't have any problem processing the same PAC script.

Anyway, for now I am sending Firefox to the working PAC script. Thanks to FrontMotion and the ability to control Firefox CE with GPO settings!

DraconPern
Site Admin
Posts:1218
Joined:Thu Oct 30, 2003 11:47 pm
Location:Texas

Re: Windows 7, Proxy by PAC, NTLM authentication

Post by DraconPern » Mon Nov 07, 2011 10:57 am

Maybe the script is trying to read something that may require a UAC prompt? WMI is one potentially.
FrontMotion Lead Developer

MadFurai
Posts:18
Joined:Tue Oct 18, 2011 10:05 am

Re: Windows 7, Proxy by PAC, NTLM authentication

Post by MadFurai » Mon Nov 07, 2011 12:50 pm

No, we have UAC completely disabled in our environment. I need to research JavaScript some more.

MadFurai
Posts:18
Joined:Tue Oct 18, 2011 10:05 am

Re: Windows 7, Proxy by PAC, NTLM authentication

Post by MadFurai » Wed Nov 09, 2011 3:20 pm

Looks like I might have stumbled across a "fix" for this issue. There is a chance Firefox was using an older "cached" version of the PAC script and some of the commands might also have been trying to use the IPv6 machine address instead of the IPv4 address. I'll know for sure in a few days, but so far the following 2 changes have allowed the PAC script to function correctly.

In Firefox config, I set

"network.dns.disableIPv6" to TRUE

and

"network.http.use-cache" to FALSE
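
An added example (not part of the thread, and not the poster's PAC script) of the failure mode the last post suspects: a PAC rule that selects a proxy by client subnet falls through when the machine address it is given is an IPv6 literal. The `isInNet` below is a simplified IPv4-only stand-in for the PAC helper, `myIp` is passed as a parameter in place of a call to `myIpAddress()`, and the proxy names, subnet and sample addresses are constructed.

```javascript
// Simplified, IPv4-only stand-in for the PAC helper isInNet() (assumption:
// anything that is not a dotted quad, such as an IPv6 literal, never matches).
function ipv4ToInt(addr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function isInNet(addr, pattern, mask) {
  const a = ipv4ToInt(addr), p = ipv4ToInt(pattern), m = ipv4ToInt(mask);
  if (a === null || p === null || m === null) return false;
  return ((a & m) >>> 0) === ((p & m) >>> 0);
}

// Constructed placeholders, not values from the thread.
const SITE_PROXY = "PROXY proxy-a.example.internal:8080";
const DEFAULT_PROXY = "PROXY proxy-default.example.internal:8080";

// Hypothetical fragile rule: the subnet test is the only path to a proxy.
function findProxyFragile(myIp) {
  if (isInNet(myIp, "10.20.0.0", "255.255.0.0")) return SITE_PROXY;
  return "DIRECT"; // an IPv6 machine address ends up here: no proxy is selected
}

// Hypothetical tolerant rule: an address that cannot be subnet-matched
// gets the default proxy instead of silently going DIRECT.
function findProxyTolerant(myIp) {
  if (ipv4ToInt(myIp) === null) return DEFAULT_PROXY;
  if (isInNet(myIp, "10.20.0.0", "255.255.0.0")) return SITE_PROXY;
  return DEFAULT_PROXY;
}

// Constructed sample: the same client reported by IPv4 and by IPv6 address.
const samples = ["10.20.5.7", "fe80::1c2b:3d4e:5f60:7182"];
for (const ip of samples) {
  console.log(ip, "|", findProxyFragile(ip), "|", findProxyTolerant(ip));
}
```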
