EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Friday 01 November 2024, 11:23:55 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14248
Posts in
4376
Topics by
6515
Members
Latest Member:
hulteends
Search:
Advanced search
EFW Support
Support
EFW SMTP, HTTP, SIP, FTP Proxy Support
HTTP Proxy LDAP Authentication problem
0 Members and 2 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: HTTP Proxy LDAP Authentication problem (Read 37332 times)
entourage
Full Member
Offline
Posts: 48
HTTP Proxy LDAP Authentication problem
«
on:
Tuesday 09 June 2009, 01:26:19 am »
I have ver. 2.2 installed and working...mostly.
I've setup LDAP Authentication and it appears to be working because I can select and enable my 'Internet Users' AD group. If I set the Green interface to Transparent, it filters as it should. It blocks pages, restricts browsers and scans sites...HOWEVER it doesn't care what group I'm in. I don't need to be authenticated to the domain at all to get Internet access.
So I set the Green interface to Authentication Required and now any site I try to browse to I'm prompted for a username and password. It doesn't matter how I put in the username/password I am never able to get to the site and finally, the message comes up saying "Sorry, you are not currently allowed to request: (website) from this cache until you have authenticated yourself.
BTW, I have a single NIC setup as this acts as ONLY a web filtering/caching proxy.
Any ideas or suggestions?
Logged
npeterson
Full Member
Offline
Posts: 90
Re: HTTP Proxy LDAP Authentication problem
«
Reply #1 on:
Tuesday 09 June 2009, 11:07:43 pm »
If this is going to be a standalone proxy / filter, i wouldn't set this up as transparent. Setup the clients to go directly to the proxy, or use a wpad. It may be part of your problem as well.
Logged
entourage
Full Member
Offline
Posts: 48
Re: HTTP Proxy LDAP Authentication problem
«
Reply #2 on:
Tuesday 09 June 2009, 11:44:46 pm »
Yeah, I didn't think I wanted it transparent since Authentication Required was an option, but it wasn't working with the authentication. I just wanted to verify that filtering was working.
All of my clients are currently directed through an ISA server, so their proxy access is setup and working without a problem. It's just that if I point their proxy to the EFW, it won't authenticate them and gives them the message in my previous post. Should it even prompt them at all?
Logged
npeterson
Full Member
Offline
Posts: 90
Re: HTTP Proxy LDAP Authentication problem
«
Reply #3 on:
Wednesday 10 June 2009, 01:06:02 am »
Yea if your wanting to track where people go or setup special group access.
If you are using authentication to a Active directory domain, you should set the authentication type to Windows not ldap, i had some problems trying to do ldap too, and switched over to the Windows(active directory) authentication.
You will need to enter a username with the ability to add computers to the domain, after it creates an AD account, i dont believe it uses the account anymore.
Also enter the IP addresses for the PDC and BDC, or if you use their hostnames, you may need to add a host entry on the Network->edit hosts page. Hit Join domain. You can verify that its connected by going to group policies and selecting add group, your AD groups should be listed there.
Back on the authentication page, set the Authentication realm prompt to your active directory domain name (ex company.com). otherwise your users will need to use company.com\user for their username.
Logged
entourage
Full Member
Offline
Posts: 48
Re: HTTP Proxy LDAP Authentication problem
«
Reply #4 on:
Wednesday 10 June 2009, 01:37:52 am »
Ok, closer. I changed it to Windows Authentication and put in my Domain, PDC Hostname, BDC Hostname, username and password. (My PDC and BDC are the same) I added the host entry so I could type in my hostname. Now when I click 'Join Domain' I get this message:
Error while connecting to PDC. Is the PDC listed in the custom nameserver list?
I then added my Server to the Custom nameserver under DNS. Rebooted, and I still get this message.
I also notice that up at the top is a message saying
dnsmasq is stopped Starting dnsmasq: [FAILED]
Any ideas?
Logged
entourage
Full Member
Offline
Posts: 48
Re: HTTP Proxy LDAP Authentication problem
«
Reply #5 on:
Wednesday 10 June 2009, 07:02:01 am »
-Update-
After reading a bit and knowing what little of Linux I actually do know, I decided to make sure my hostnames were all CAPS. Once I matched the case I was able to join the EFW to the Domain! (Crazy case sensitive OS)
I set it to Authentication Required and had 'User-based access restrictions' checked. I put my username in and I can now browse successfully through the proxy.
I was also then able to add my 'SBS Internet Users' group!
Thanks for the help!!
Logged
davvidde
Full Member
Offline
Gender:
Posts: 68
Re: HTTP Proxy LDAP Authentication problem
«
Reply #6 on:
Saturday 13 June 2009, 02:55:27 am »
If you change back to LDAP authentication and try to set the groups listed in "group policy" to "unrestricted" instead of "default policy" does the authentication works? (and of course the content filter is BYPAS SED?)
I have a similar problem and the LDAP authentication works for me only in this mode but I cannot filter HTTP traffic.
Logged
davvidde
Full Member
Offline
Gender:
Posts: 68
Re: HTTP Proxy LDAP Authentication problem
«
Reply #7 on:
Wednesday 24 June 2009, 06:27:15 am »
Nobody has resolved this problem?
Logged
entourage
Full Member
Offline
Posts: 48
Re: HTTP Proxy LDAP Authentication problem
«
Reply #8 on:
Wednesday 24 June 2009, 06:50:54 am »
I basically gave up on LDAP. I've read that by design, it constantly requires the use of username/password even though you are already authenticated.
Logged
davvidde
Full Member
Offline
Gender:
Posts: 68
Re: HTTP Proxy LDAP Authentication problem
«
Reply #9 on:
Thursday 25 June 2009, 06:57:51 pm »
That sounds strange for me: with 2.2rc3 I need to authenticate only the first time when I open the browser (Firefox 3 or IE 6), and that credentials are in place until the end of the session.
What log file I need to set up and look to debug the problem with the 2.2 final?
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com