Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 30 November 2024, 12:13:43 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  efw 2.4.1 NTLM Authentication problem
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: efw 2.4.1 NTLM Authentication problem  (Read 19732 times)
dtruffo
Full Member
***
Offline Offline

Posts: 11


« on: Thursday 16 December 2010, 02:10:19 am »

Hi all.

I've just enabled NTLM authentication on my EFW 2.4.1

No problems making AD join.
No trasparent Proxy enabled, but proxy set on clients.
When I create an Access Policy I can see all my domain users ans groups.

Opening Firefox from a client it asks for username and passwords. I type them and I start browsing

Opening IE8 from a client if asks for username and password, but, even if user/password are corrct (the same I used on Firefox), I cannot get authenticated.

1 - How can I solve in IE ??

2 - Is there a way to automatically pass username/password of the client (already authenticated in then AD domain) whitout asking everytime credentials ??

I was using Astaro berofe migrating to Endian and automatic authentication was working fine!!


Thank You

Denis
Logged
wdupreez
Full Member
***
Offline Offline

Posts: 12


« Reply #1 on: Thursday 16 December 2010, 07:54:30 pm »

Hi Denis

I've had a similar problem a few times - I'm on 2.4.

I can't say what the problem is/was, the  were similar - I kept getting the dialog to authenticate. As far as I can remember I got it in IE8 and Firefox though. What I did to make it work again was to go through my access policies from the top (I have 7 policies) and edit each one and then save it without making any changes. After saving the last policy, I "Apply" to restart the services. It got me going a few times before.

I have "integrated authentication" working on IE and Firefox, i.e. users don't have to type their credentials when they open their browser. I haven’t done anything on Endian side to make this work though. The browser needs to be configured to pass the credentials to the proxy when required. Let me know if you need more detail on doing this.

The only times I find the browser showing the authentication dialog is when the user account trying to access the internet is locked out or when a user who is not allowed access to the internet tries to access the internet.

Just out of interest, did you install using the 2.4.1 ISO and joined AD immediately, or did you install updates first?
Logged
dtruffo
Full Member
***
Offline Offline

Posts: 11


« Reply #2 on: Thursday 16 December 2010, 09:00:07 pm »

Thank you very much..

I joined AD without problems after installing from scratch 2.4.1.... Just lucky Huh  Roll Eyes

Can you please give me some informations about configuring IE an Firefox to automatically pass credentials, please !!

TY

Denis
Logged
nbj
Jr. Member
*
Offline Offline

Posts: 1


« Reply #3 on: Tuesday 11 January 2011, 11:43:46 pm »

Hi,
I had the same problem

See if you have this error in /var/log/squid/cache.log:
"Login for user [domain]\[user]@[CC] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.]"

If so do:
chown -R root:squid /var/cache/samba/winbindd_privileged
/etc/init.d/winbind restart

It worked for me.

Regards
Logged
bcarrier
Jr. Member
*
Offline Offline

Posts: 2


« Reply #4 on: Wednesday 12 January 2011, 03:06:41 am »

I had the same problem and this worked for me. Thanks nbj


Hi,
I had the same problem

See if you have this error in /var/log/squid/cache.log:
"Login for user [domain]\[user]@[CC] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.]"

If so do:
chown -R root:squid /var/cache/samba/winbindd_privileged
/etc/init.d/winbind restart

It worked for me.

Regards

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com