EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Monday 23 December 2024, 12:01:31 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14262
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
EFW SMTP, HTTP, SIP, FTP Proxy Support
EFW 3.X & AD asks for User Name / Password
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: EFW 3.X & AD asks for User Name / Password (Read 42273 times)
Manit
Jr. Member
Offline
Posts: 1
EFW 3.X & AD asks for User Name / Password
«
on:
Tuesday 19 May 2015, 11:25:34 pm »
Dear All,
I'm EFW fan and I've been using it since very long (can't remember how long).
I deployed to my small size network customers without any problem for many years.
Here are my standard configuration:
1. Windows Server 2008 as AD with INTERNET_USERS_GROUP pre-defined on AD.
2. EFW joined to AD / client access to the internet via proxy with NTLM + Web Filter + Access Policy
3. on EFW Web Filter / Page Filter I've 'TURN-ON' some un-related to office work categories on such as "Chat, Games, Hacking & Warez" etc.
But as far as I'm testing on EFW 3 including the latest one "EFW-COMMUNITY-3.0.5-beta1-devel-201504071248.iso"
Problem :
"Sometime" at user client PC the Authentication user log-on screen just pops up and asks for User Name & Password.
Since I've tested, seem like it pops up when user go to some blocked sites (defined on Web Filter).
I'm facing on this problem since version 3 released and can't get issue resolve.
Please help.
Thank You
Logged
dda
Sr. Member
Offline
Posts: 227
Re: EFW 3.X & AD asks for User Name / Password
«
Reply #1 on:
Wednesday 20 May 2015, 04:19:54 am »
Have experienced that... very annoying. It actually stops you from loading an allowed page if you try to subsequently. I switched to LDAP and it solved that and a other problems.
Logged
burja2
Jr. Member
Offline
Posts: 8
Re: EFW 3.X & AD asks for User Name / Password
«
Reply #2 on:
Wednesday 10 June 2015, 02:16:23 pm »
I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side.
NTLM authentication with Windows Vista and Windows 7.
The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate:
Start ‣ gpedit.msc (run as administrator)
Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options
Find the configuration option Network Security: LAN MANAGER Authentication Level
Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated”
After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy.
Logged
Juarez1972
Jr. Member
Offline
Posts: 4
Re: EFW 3.X & AD asks for User Name / Password
«
Reply #3 on:
Monday 06 July 2015, 11:46:23 pm »
I have the same problem. I tried it and don't works. I tried too:
# chgrp squid /var/cache/samba/winbindd_privileged
# chmod 750 /var/cache/samba/winbindd_privileged
and don't works.
Some machines are linux and some Windows is standalone. Everething ask for password if user is not in the group that have permissions.
I tried change de rules order but don't run too. The problem is the Access Policy rules.
Somebody can help me?
Logged
Juarez1972
Jr. Member
Offline
Posts: 4
Re: EFW 3.X & AD asks for User Name / Password
«
Reply #4 on:
Tuesday 14 July 2015, 06:46:57 am »
To works without being asked password at no time did the lock without relating to a group (no authentication required).
Only release was made by AD user group.
The Access Policy looked like this:
3 filter using 'social_networks_rules' GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com social_networks_group Always ANY
4 Access denied GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com .linkedin.com Not required Always ANY
Thank you all.
Logged
Dumisani
Jr. Member
Offline
Posts: 2
Re: EFW 3.X & AD asks for User Name / Password
«
Reply #5 on:
Friday 09 June 2017, 09:32:05 pm »
Please help i have setup endian community firewall. firewall only shows outgoing mails at mail queue but not for incoming mail.
Logged
Atmotmefe
Jr. Member
Offline
Gender:
Posts: 6
EFW 3 X AD asks for User Name / Password
«
Reply #6 on:
Tuesday 31 October 2017, 04:50:32 am »
I used to be able to save my password & user name. Starting today, I cant. Is there something I have to do?
Logged
cocoalcazar
Full Member
Offline
Posts: 42
Re: EFW 3.X & AD asks for User Name / Password
«
Reply #7 on:
Thursday 01 March 2018, 03:40:03 am »
Re: EFW 3.X & AD asks for User Name / Password
« Reply #2 on: June 10, 2015, 02:16:23 PM »
Reply with quote
I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side.
NTLM authentication with Windows Vista and Windows 7.
The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate:
Start ‣ gpedit.msc (run as administrator)
Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options
Find the configuration option Network Security: LAN MANAGER Authentication Level
Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated”
After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy.
Does this method work?
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.125 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com