The "Magic Triangle"
I am currently in the process of configuring 3x Apple Xserves in a mixed domain, hence in a "magic triangle". This terminology in itself makes me chuckle as it makes one wonder if whatever goes in there is lost forever and untraceable :D
The main "bridge" server is set up in the data centre and is configured as the Open Directory Master. Its sole purpose is to push out Managed Preferences to the 2 further remote servers which are configured as Open Directory replicas.
The servers are bound to Active Directory (using the AD plugin). User Groups have been configured on the ODM under LDAP and Active Directory groups have been placed inside the User Groups to push out the Managed Preferences.
Kerberos has been disabled as per the recommendations for a "magic triangle configuration" from Apple.
Using this setup I can log in to the domain using Active Directory credentials fine. Users' Home Folders are automatically mapped on the Dock via the AD settings, which is great. Managed Preferences are being pushed out fine.
Enough of the info and on to the question:
In the Managed Preferences I have configured the Network settings to point the proxies to our Windows ISA Server and Port. For some reason (and I may be wrong), I presumed that when logging the Macs on to the Windows Domain it would use Kerberos Authentication from the Windows Servers; hence there would be no further need to authenticate against the proxy servers.
This is obviously not the case as every time I launch Safari, I am presented with an authentication dialog to connect to the proxy servers.
1) Is Safari kerberised?
2) Why do I have to keep authenticating with the proxy servers?
3) How do you use Single Sign-On?
4) Has anyone got the internet working through a proxy using Single Sign-On?
Thanks in advance guys,