Title: HTTP Proxy/Windows AD Authentication/User Logging Post by: llysty on Tuesday 16 November 2010, 11:17:29 pm Hello!
Finally got my efw live on my network and have everything thing pretty much working just so. My sole issue isn't a big problem but would be nice to sort so that we can have user tracking of internet use (my logs are showing IP address but no username). I have successfully managed to join efw to the domain and on the face of it, it looks OK - when I define the policy, I can see the AD groups etc. However, when I activate the profile it either achieves nothing or the user's see a login box that when tried with the AD username/password, the authentication fails so access is denied. Many years ago when we tried endian last, I had the authentication working great - we're aiming to get a completely transparant process going where activity is logged against the logged in AD user but without the need to input passwords (my only problem last time was with defining groups as efw couldn't cope with our AD structure on a SBS server). The odd thing I have noticed in the proxy logs is that the clients are seeming to attempt to authenticate with their ad username as every client session enter this into the proxy log: //.../adpb/registration?username=*user*&domain=... We are using SBS2003 server and a mixture of clients from Win XP to Windows 7. Any idea's? Many thanks Andy Title: Re: HTTP Proxy/Windows AD Authentication/User Logging Post by: llysty on Tuesday 16 November 2010, 11:37:29 pm Doing a bit more investigation, I've picked up that the issue may be related to IE as it works on early versions and also Firefox. I'm going to download Firefox to see but does anyone have any IE 8/9 configuration tips?
Title: Re: HTTP Proxy/Windows AD Authentication/User Logging Post by: llysty on Wednesday 17 November 2010, 01:39:48 am Okay - this isn't a browser issue. Have tried LDAP authentication to AD also but the same issue arises. Essentially, clients are not successfully authenticating ???
Title: Re: HTTP Proxy/Windows AD Authentication/User Logging Post by: ehermouet on Wednesday 17 November 2010, 09:40:43 pm hi all,
i think i have the same problem. i have 3 endian in my network. 2 of them are on 2.3, and proxy work with authentication from active directory server. when user open IE or mozilla they don't ask username or password it's auto, on the last version, 2.4 my user must xrite username and password and it's work not first time but the second or third time. if anybody can help me. tks advance Title: Re: HTTP Proxy/Windows AD Authentication/User Logging Post by: llysty on Wednesday 01 December 2010, 09:12:25 pm OK - I've fixed my problem!
The issue is related to the outgoing firewall rule allowing port 80 (installed by default). This needs to be disabled/removed to allow the authentication on the proxy to work. Http proxy must also not be set to transparent. |