EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: Terry.P on Tuesday 02 October 2012, 05:13:24 pm



Title: Authentication for AD on Endian 2.5
Post by: Terry.P on Tuesday 02 October 2012, 05:13:24 pm
Hi All,

My problem is that Endian 2.5 joined the domain successfully, but when I go to "Access Policy" > Add access policy and choose user-based authentication,
I get "Can't find the AD / LDAP server".
I joined the domain using Windows Active Directory (NTLM).
Can anyone please assist???  :-\


Title: Re: Authentication for AD on Endian 2.5
Post by: dda on Wednesday 03 October 2012, 01:06:44 am
Review this: http://efwsupport.com/index.php?topic=1015.0.  The file you will edit is winbind.conf.tmpl instead, however.


Title: Re: Authentication for AD on Endian 2.5
Post by: Terry.P on Friday 05 October 2012, 12:53:34 am
Hi dda,

Thanks for the help. I rebuilt the Endian FW and was able to set up my access policy.

My environment is Server 2008 and an Endian firewall.
Is it possible that I can set up these settings using Server 2008 and let the Windows server give the DHCP?  I prefer not to use a PAC file.

I have read that it is impossible to use a transparent proxy when using the way that I have set it up; this is with proxy authentication.

Please let me know  :)



Title: Re: Authentication for AD on Endian 2.5
Post by: dda on Friday 05 October 2012, 11:42:05 pm
I personally don't use the DHCP server on EFW.  I have a static IP address which Windows DHCP issues as the default gateway.  I don't know if I mentioned this before, but I had a lot of problems with non-browser apps (like antivirus and Windows updates) accessing the internet while using NTLM.  I subsequently updated to LDAP authentication using Microsoft ADAM and now everything works great.  I am not far from being a newbie myself as I have only started using EFW this year, so I had to learn by trial and error.


Title: Re: Authentication for AD on Endian 2.5
Post by: aneeshjoseph on Saturday 06 October 2012, 07:13:49 pm
Hi,

After reboot it is not connected to the AD automatically.  I need to add it again to the AD. Any idea?

I checked the configuration file and the hosts entry. These are not changed; also, I can ping the DC, hence not a DNS issue. Any idea?

Thanks


Title: Re: Authentication for AD on Endian 2.5
Post by: dda on Tuesday 09 October 2012, 02:39:16 am
Did you adjust the winbind.conf.tmpl as mentioned above?


Title: Re: Authentication for AD on Endian 2.5
Post by: dda on Tuesday 09 October 2012, 02:41:49 am
@Terry.P you can use the PAC file and issue settings through Group Policy; I have only recently started doing this.  I use non-transparent proxy with LDAP authentication on a Windows 2003 SBS/Windows 2008 server environment.


Title: Re: Authentication for AD on Endian 2.5
Post by: Terry.P on Wednesday 10 October 2012, 01:47:39 am
Hi dda,

My apologies for the late reply.
I used the PAC file with non-transparent proxy and it worked, but was asked to make it work without a PAC file and by using a transparent proxy.
But when I use the option with just the transparent proxy, all websites get blocked.
Any advice???


Title: Re: Authentication for AD on Endian 2.5
Post by: dda on Wednesday 10 October 2012, 08:18:50 am
Using a PAC file pushed by the GPO is the best method and will mean that you don't have to manually configure new machines added to the network.  I am researching the transparent proxy; I remember there being something that does not suit what I wanted to achieve with the transparent proxy.  I believe it is related to authentication, but I will verify and get back to you.


Title: Re: Authentication for AD on Endian 2.5
Post by: dda on Wednesday 10 October 2012, 08:23:47 am
According to this: http://www.efwsupport.com/index.php?topic=2957.0
It looks like you have to allow HTTPS traffic in the outgoing firewall and block HTTP if you are using transparent proxy.

(Make sure that the default firewall rule allowing HTTP is disabled when the HTTP proxy is running, this will make sure no clients can access the web over HTTP directly. HTTPS must be left enabled as the Transparent proxy will not filter for HTTPS sites.)