Smoothwall Authentication for Non-Domain Computers
We have a mixed environment of domain based and non domain based computers.
Our thin clients now have the ability to PXE boot directly into a browser session, thus using less terminal server resources for web-based and VLE apps.
These thin 'browsers' are not joined to our windows domain and do not have the ability to do so.
We also have a number of students and teachers who bring in their own laptops that are not added to our windows domain.
Traditionally we set up Smoothwall (SG 2008) to authenticate using NTLM in TS compatibility mode.
This is fine and transparent for domain computers, but non domain computers need to authenticate using "DOMAIN\username". Adding the DOMAIN prefix is too complicated for our users.
If we change the authentication to "proxy authentication" (TS compatibility) we solve the problem for the non-domain computers needing to prefix DOMAIN\username. but this now removes the transparent authentication for all the domain computers.
Is there a solution to this ?
Ideally we would like the NTLM to automatically prefix the DOMAIN (as in samba
winbind use default domain = yes