Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 19 December 2024, 02:49:49 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  EFW 3.X & AD asks for User Name / Password
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW 3.X & AD asks for User Name / Password  (Read 41917 times)
Manit
Jr. Member
*
Offline Offline

Posts: 1


« on: Tuesday 19 May 2015, 11:25:34 pm »

Dear All,

I'm EFW fan and I've been using it since very long (can't remember how long).
I deployed to my small size network customers without any problem for many years.

Here are my standard configuration:
1. Windows Server 2008 as AD with INTERNET_USERS_GROUP pre-defined on AD.
2. EFW joined to AD / client access to the internet via proxy with NTLM + Web Filter + Access Policy
3. on EFW Web Filter / Page Filter I've 'TURN-ON' some un-related to office work categories on  such as "Chat, Games, Hacking & Warez"  etc.  

But as far as I'm testing on EFW 3 including the latest one "EFW-COMMUNITY-3.0.5-beta1-devel-201504071248.iso"

Problem :
"Sometime" at user client PC the Authentication user log-on screen just pops up and asks for User Name & Password.
Since I've tested, seem like it pops up when user go to some blocked sites (defined on Web Filter).

I'm facing on this problem since version 3 released and can't get issue resolve.

Please help.

Thank You
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #1 on: Wednesday 20 May 2015, 04:19:54 am »

Have experienced that... very annoying.  It actually stops you from loading an allowed page if you try to subsequently.  I switched to LDAP and it solved that and a  other problems.
Logged
burja2
Jr. Member
*
Offline Offline

Posts: 8


« Reply #2 on: Wednesday 10 June 2015, 02:16:23 pm »

I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side.

NTLM authentication with Windows Vista and Windows 7.

The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate:

        Start ‣ gpedit.msc (run as administrator)
        Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options
        Find the configuration option Network Security: LAN MANAGER Authentication Level
        Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated”

After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy.
Logged
Juarez1972
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Monday 06 July 2015, 11:46:23 pm »

I have the same problem. I tried it and don't works. I tried too:
# chgrp squid /var/cache/samba/winbindd_privileged
# chmod 750 /var/cache/samba/winbindd_privileged
and don't works.
Some machines are linux and some Windows is standalone. Everething ask for password if user is not in the group that have permissions.
I tried change de rules order but don't run too. The problem is the Access Policy rules.
Somebody can help me?
Logged
Juarez1972
Jr. Member
*
Offline Offline

Posts: 4


« Reply #4 on: Tuesday 14 July 2015, 06:46:57 am »

To works without being asked password at no time did the lock without relating to a group (no authentication required).
Only release was made by AD user group.
The Access Policy looked like this:
3 filter using 'social_networks_rules' GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com social_networks_group Always ANY
4 Access denied GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com .linkedin.com Not required Always ANY
Thank you all.
Logged
Dumisani
Jr. Member
*
Offline Offline

Posts: 2


« Reply #5 on: Friday 09 June 2017, 09:32:05 pm »

Please help i have setup endian community firewall. firewall only shows outgoing mails at mail queue but not for incoming mail.
Logged
Atmotmefe
Jr. Member
*
Offline Offline

Gender: Male
Posts: 6


« Reply #6 on: Tuesday 31 October 2017, 04:50:32 am »

I used to be able to save my password & user name.  Starting today, I cant.  Is there something I have to do?
Logged
cocoalcazar
Full Member
***
Offline Offline

Posts: 42



« Reply #7 on: Thursday 01 March 2018, 03:40:03 am »

    
Re: EFW 3.X & AD asks for User Name / Password
« Reply #2 on: June 10, 2015, 02:16:23 PM »
   Reply with quote
I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side.

NTLM authentication with Windows Vista and Windows 7.

The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate:

        Start ‣ gpedit.msc (run as administrator)
        Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options
        Find the configuration option Network Security: LAN MANAGER Authentication Level
        Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated”

After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy.





Does this method work?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.141 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com