Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 15 December 2024, 05:45:19 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  Authenticaton for AD on Endian 2.5
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Authenticaton for AD on Endian 2.5  (Read 29061 times)
Terry.P
Jr. Member
*
Offline Offline

Posts: 6



« on: Tuesday 02 October 2012, 05:13:24 pm »

Hi All,

My problem is, that endian 2.5 joined the domain successfully, but when i go to "Access Policy">Add access policy>, choose userbased authentication.
I get "Can't find the AD / LDAP server.
I joined the domain using Windows Active Directory (NTLM).
Can anyone please assist Huh  Undecided
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #1 on: Wednesday 03 October 2012, 01:06:44 am »

Review this http://efwsupport.com/index.php?topic=1015.0.  The file you will edit is the winbind.conf.tmpl instead however.
Logged
Terry.P
Jr. Member
*
Offline Offline

Posts: 6



« Reply #2 on: Friday 05 October 2012, 12:53:34 am »

Hi dda,

Thanks for the help, I rebuild the Endian FW, and was able to setup my access policy.

My enviroment is server 2008 and a endian firewall.
Is it possible that i can setup these settings using Server 2008  and let the windows server give the dhcp.  I prefer not to use a pac file.

I have read that it is impossible to use a transparent proxy when using the way that i have set it up, this is with proxy authentication.

Please let me know  Smiley

Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #3 on: Friday 05 October 2012, 11:42:05 pm »

I personally don't use the DHCP server on EFW.  I have a static ip address which windows DHCP issues as the default gateway.  I dont know if i mentioned this before but I had a lot of problems with non-browser apps (like Antivirus and winduws updates) accessing the internet while using NTLM.  I subsequently updated to LDAP authentication using Microsoft ADAM and now everything works great.  I am not far from being a newbie myself as I have only started using EFW this year, so I had to learn by trial and error.
Logged
aneeshjoseph
Jr. Member
*
Offline Offline

Posts: 2


« Reply #4 on: Saturday 06 October 2012, 07:13:49 pm »

Hi,

After reboot it is not connected to the AD automatically.  I need to add it again to the AD. Any idea ?

I checked the configuration file and the hosts entry. These are not changed , also I can ping to DC  hence not a DNS issue. Any Idea ?

Thanks
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #5 on: Tuesday 09 October 2012, 02:39:16 am »

Did you adjust the winbind.conf.tmpl as mentioned above?
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #6 on: Tuesday 09 October 2012, 02:41:49 am »

@Terry.P you can use the pac file and issue settings though Group Policy, I have only recently started doing this.  I use non-transparent proxy with LDAP authentication on a Windows 2003 SBS/Windows 2008 server envoirment.
Logged
Terry.P
Jr. Member
*
Offline Offline

Posts: 6



« Reply #7 on: Wednesday 10 October 2012, 01:47:39 am »

Hi dda,

My apologies for the late reply.
I used the pac file with non transparent proxy and it worked, but was asked to make it work without a pac and by using a transparent proxy.
but when i use the option with just the transparent proxy, all websites gets blocked.
Any advise Huh
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #8 on: Wednesday 10 October 2012, 08:18:50 am »

Using a pac pushed by the GPO is the best method and will mean that you don't have to manually new machines added to the network.  I am researching the transparent proxy, I remember there being something that does not suit what i wanted to achieve with the transparent proxy.  I believe it is related to authentication but i will verify and get back to you.
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #9 on: Wednesday 10 October 2012, 08:23:47 am »

according to this http://www.efwsupport.com/index.php?topic=2957.0
It looks like you have to allow https traffic in the outgoing firewall and block http if you are using transparent proxy. 

(Make sure that the default firewall rule allowing HTTP is disabled when the HTTP proxy is running, this will make sure no clients can access the web over HTTP directly. HTTPS must be left enabled as the Transparent proxy will not filter for HTTPS sites.)
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com