EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: soylor on Tuesday 01 March 2011, 05:56:29 am



Title: Proxy with Ldap (access denied)
Post by: soylor on Tuesday 01 March 2011, 05:56:29 am
I've configured LDAP for authorization, but I get access denied.

The access Policy is also modified to allow some users.

See attached images.

Any help?


Title: Re: Proxy with Ldap (access denied)
Post by: soylor on Saturday 19 March 2011, 08:43:25 pm
Any help?


Title: Re: Proxy with Ldap (access denied)
Post by: lo on Saturday 19 March 2011, 10:35:32 pm
Hi soylor,

If you can select which users are allowed to access the resources of the content filter, I suppose that the LDAP server is working fine, as is the interface between it and the EFW.

Can you check the output of this command:

restartsquid.py --debug --force

Do you see any error? Moreover, which version of LDAP are you running?

Bye

Lo


Title: Re: Proxy with Ldap (access denied)
Post by: soylor on Sunday 20 March 2011, 08:37:50 pm
I've found the problem.

It really works fine!!

When I have a GREEN zone IP it works.

Now I want to access the GREEN interface from a 10.0.0.0 IP range.
I have a VPN machine and access the GREEN zone using this machine (it has an IP in the GREEN zone).
Is there any rule to add to allow this?


Title: Re: Proxy with Ldap (access denied)
Post by: lo on Sunday 20 March 2011, 10:34:33 pm
No, you have to create a VPN account (setting it up in the right way) and you are done!


Title: Re: Proxy with Ldap (access denied)
Post by: soylor on Sunday 20 March 2011, 11:04:05 pm
Sorry, but I tested again and it does not work with an IP from the GREEN IP range.

So, rolling back, the problem remains unchanged: the proxy shows the window to enter user and password, but I get "Access Denied" and no errors are found.




Title: Re: Proxy with Ldap (access denied)
Post by: lo on Sunday 20 March 2011, 11:14:43 pm
Probably I am missing your scenario... let me try to summarize:

- in the GREEN zone you have a web server or something similar
- you have a machine on the Internet (== in the RED zone) which connects to the EFW through VPN and it is bridged to the GREEN zone
- you get an IP on the VPN interface (tun tap) on the machine in the RED zone which is in the GREEN subnet
- you try to access the web server on the GREEN interface from the RED interface through VPN and you get an "Access Denied" error from the EFW

Is it correct?

Thanks

Lo


Title: Re: Proxy with Ldap (access denied)
Post by: soylor on Sunday 20 March 2011, 11:19:25 pm
It's correct, but I have tested 2 scenarios, both with the same result (window to write user and password, and Access Denied).

The first scenario is a VPN machine that can access the EFW to use it as a proxy.
The second scenario is a machine in the same GREEN LAN, directly in the same Ethernet segment (without VPN).



Title: Re: Proxy with Ldap (access denied)
Post by: lo on Monday 21 March 2011, 03:52:47 am
If you are accessing the web server on the GREEN zone from VPN you don't need to pass through the proxy ... what happens if you try to disable the proxy on your browser in such a way that you access that web server directly?


Title: Re: Proxy with Ldap (access denied)
Post by: soylor on Monday 21 March 2011, 08:20:18 pm
The client PC is a Windows machine in the same GREEN network as the EFW.
The proxy is used for accessing the Internet (without the proxy it works well).


Title: Re: Proxy with Ldap (access denied)
Post by: lo on Tuesday 03 May 2011, 03:19:40 am
Probably I am missing your scenario... let me try to summarize:

- in the GREEN zone you have a web server or something similar
- you have a machine on the Internet (== in the RED zone) which connects to the EFW through VPN and it is bridged to the GREEN zone
- you get an IP on the VPN interface (tun tap) on the machine in the RED zone which is in the GREEN subnet
- you try to access the web server on the GREEN interface from the RED interface through VPN and you get an "Access Denied" error from the EFW

Is it correct?

Thanks

Lo

For me this is the best solution for this problem; surely your problem will be solved with the help of this.

This is not a solution, this is a request for info :)