Author Topic: Proxy with Ldap (access denied)  (Read 25699 times)
soylor
« on: Tuesday 01 March 2011, 05:56:29 am »

I've configured LDAP for authorization, but I get access denied.

The access policy is also modified to allow some users.

See attached images.

Any help?
soylor
« Reply #1 on: Saturday 19 March 2011, 08:43:25 pm »

Any help?
lo
« Reply #2 on: Saturday 19 March 2011, 10:35:32 pm »

Hi soylor,

If you can select which users are allowed to access the resources of the content filter, I suppose that the LDAP server is working fine, as is the interface between it and the EFW.

Can you check the output of this command:

restartsquid.py --debug --force

Do you see any error? Moreover, which version of LDAP are you running?

Bye

Lo
soylor
« Reply #3 on: Sunday 20 March 2011, 08:37:50 pm »

I've found the problem.

It really works fine!!

When I have a green zone IP it works.

Now I want to access the green interface from a 10.0.0.0 IP range.
I have a VPN machine and access the green zone using this machine (it has an IP in the GREEN zone).
Any rule to add to allow this?
lo
« Reply #4 on: Sunday 20 March 2011, 10:34:33 pm »

No, you have to create a VPN account (setting it up in the right way) and you are done!
soylor
« Reply #5 on: Sunday 20 March 2011, 11:04:05 pm »

Sorry, but I tested again and it does not work with an IP from the GREEN IP range.

So, rolling back: the problem remains unchanged. The proxy shows the window to write user and password, but I get "Access Denied" and no errors are found.


lo
« Reply #6 on: Sunday 20 March 2011, 11:14:43 pm »

Probably I am missing your scenario... let me try to summarize:

- in the GREEN zone you have a web server or something similar
- you have a machine on the Internet (== in the RED zone) which connects to the EFW through VPN and it is bridged to the GREEN zone
- you get an IP on the VPN interface (tun tap) on the machine in the RED zone which is in the GREEN subnet
- you try to access the web server on the GREEN interface from the RED interface through VPN and you get an "Access Denied" error from the EFW

Is it correct?

Thanks

Lo
soylor
« Reply #7 on: Sunday 20 March 2011, 11:19:25 pm »

It's correct, but I have tested 2 scenarios, both with the same result (window to write user and password and Access Denied).

The first scenario is a VPN machine that can access the EFW to use it as a proxy.
The second scenario is a machine in the same GREEN LAN, directly in the same Ethernet segment (without VPN).

lo
« Reply #8 on: Monday 21 March 2011, 03:52:47 am »

If you are accessing the web server on the GREEN zone from VPN you don't need to pass through the proxy ... what happens if you try to disable the proxy on your browser in such a way that you access that web server directly?
soylor
« Reply #9 on: Monday 21 March 2011, 08:20:18 pm »

The client PC is a Windows machine in the same GREEN network as the EFW.
The proxy is used for accessing the Internet (without proxy it works well).
lo
« Reply #10 on: Tuesday 03 May 2011, 03:19:40 am »

Probably I am missing your scenario... let me try to summarize:

- in the GREEN zone you have a web server or something similar
- you have a machine on the Internet (== in the RED zone) which connects to the EFW through VPN and it is bridged to the GREEN zone
- you get an IP on the VPN interface (tun tap) on the machine in the RED zone which is in the GREEN subnet
- you try to access the web server on the GREEN interface from the RED interface through VPN and you get an "Access Denied" error from the EFW

Is it correct?

Thanks

Lo

For me this is the best solution for this problem, surely your problem will be solved with the help of this.

This is not a solution, this is a request for info :)