Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 05 December 2024, 11:15:16 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Join AD Fails
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Join AD Fails  (Read 25588 times)
qwaven
Full Member
***
Offline Offline

Posts: 23


« on: Friday 28 January 2011, 09:55:24 am »

Hello all,

I've just got Endian working and varified that the proxy/content filter does work. I've now tried to join the system to my Microsoft Active Directory domain using the "adjoin" button. I get a big red box saying "failed to join domain" .

Would anyone be able to assist with figuring out why this is failing?

I've already tried various accounts which are domain admins.

Thanks!
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #1 on: Tuesday 01 February 2011, 07:03:33 am »

Read THIS please and you get goal yourself:
http://kb.endian.com/entry/49/

Davide
Logged
qwaven
Full Member
***
Offline Offline

Posts: 23


« Reply #2 on: Tuesday 01 February 2011, 07:33:00 am »

Hi,

Thanks for your response. I've actually recently got the AD Join feature to work however authentication fails. When trying to browse to a site I am prompted to username and password which does not get excepted.

Any thoughts?
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #3 on: Tuesday 08 February 2011, 09:16:14 am »

if AD join works but authentication don't work try this from a ssh console:

squidclient -l 192.168.x.x -p 8080 -u YOURUSER -w YOURPASSWORD http://www.google.com

where -l is the firewall ip from green if you want to test from green, orange and so on..
-p the port where squid is listening to
-u the user you want to test
-w the user password

If doesn't work (it gives you an error), look permissions of: /var/cache/samba/winbindd_privileged

if you get permissions like this
drwxr-x--- 2 root root 4096 feb 04 13:18 winbindd_privileged

then this is the error because it should be owned by root:squid
To correct:

chown -R root:squid /var/cache/samba/winbindd_privileged
chmod -R 750 /var/cache/samba/winbindd_privileged
restartsquid --force
Logged
qwaven
Full Member
***
Offline Offline

Posts: 23


« Reply #4 on: Tuesday 08 February 2011, 09:40:04 am »


Thanks for the help.

I tried the command and I get what appears to be HTML code. I believe this means its working?

However when trying from a computer I still am prompted for username and password.

Any thoughts?

I am using one cable for the proxy right now. Does this matter? (with auth off I can browse the net fine)

Thanks!
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #5 on: Wednesday 09 February 2011, 12:47:48 am »

Post more details of your HTTP proxy configuration. Use print screen. Have you looked at file permissions of /var/cache/samba/winbindd_privileged ?
Logged
qwaven
Full Member
***
Offline Offline

Posts: 23


« Reply #6 on: Wednesday 09 February 2011, 02:59:36 am »

Hello again,

Thanks for the info. Just tried the permissions and I "think" authentication is working now. I can browse sites without being prompted for a password.

However I don't think the block lists are working.  I have most of them enabled or RED and I can still browse to youtube...etc. although if I put in a custom blocked page "facebook.com" this works.

Any ideas? Is it possible to view block lists? Or are these updated?

Thanks!
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #7 on: Thursday 10 February 2011, 09:39:43 am »

You need a more searching work on this forum because your questions are already posted.
However there isn't a front-end to modify the predefined block lists. You can view it with a normal text editor in /etc/dansguardian/blacklists/<CATEGORIES>/domain ;   There is also a script here http://www.efwsupport.com/index.php?topic=2147.0  that help you to retrieve blacklist from an on line service.
Hope this help you.
Logged
qwaven
Full Member
***
Offline Offline

Posts: 23


« Reply #8 on: Friday 11 February 2011, 01:14:56 am »


Thanks for all your help. I think I've figured things out now. Still need to do some tweaking I'm sure but otherwise all seems good.

Cheers! Smiley
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com