|
Title: EFW 3.X & AD asks for User Name / Password Post by: Manit on Tuesday 19 May 2015, 11:25:34 pm Dear All,
I'm EFW fan and I've been using it since very long (can't remember how long). I deployed to my small size network customers without any problem for many years. Here are my standard configuration: 1. Windows Server 2008 as AD with INTERNET_USERS_GROUP pre-defined on AD. 2. EFW joined to AD / client access to the internet via proxy with NTLM + Web Filter + Access Policy 3. on EFW Web Filter / Page Filter I've 'TURN-ON' some un-related to office work categories on such as "Chat, Games, Hacking & Warez" etc. But as far as I'm testing on EFW 3 including the latest one "EFW-COMMUNITY-3.0.5-beta1-devel-201504071248.iso" Problem : "Sometime" at user client PC the Authentication user log-on screen just pops up and asks for User Name & Password. Since I've tested, seem like it pops up when user go to some blocked sites (defined on Web Filter). I'm facing on this problem since version 3 released and can't get issue resolve. Please help. Thank You Title: Re: EFW 3.X & AD asks for User Name / Password Post by: dda on Wednesday 20 May 2015, 04:19:54 am Have experienced that... very annoying. It actually stops you from loading an allowed page if you try to subsequently. I switched to LDAP and it solved that and a other problems.
Title: Re: EFW 3.X & AD asks for User Name / Password Post by: burja2 on Wednesday 10 June 2015, 02:16:23 pm I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side.
NTLM authentication with Windows Vista and Windows 7. The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate: Start ‣ gpedit.msc (run as administrator) Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options Find the configuration option Network Security: LAN MANAGER Authentication Level Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated” After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy. Title: Re: EFW 3.X & AD asks for User Name / Password Post by: Juarez1972 on Monday 06 July 2015, 11:46:23 pm I have the same problem. I tried it and don't works. I tried too:
# chgrp squid /var/cache/samba/winbindd_privileged # chmod 750 /var/cache/samba/winbindd_privileged and don't works. Some machines are linux and some Windows is standalone. Everething ask for password if user is not in the group that have permissions. I tried change de rules order but don't run too. The problem is the Access Policy rules. Somebody can help me? Title: Re: EFW 3.X & AD asks for User Name / Password Post by: Juarez1972 on Tuesday 14 July 2015, 06:46:57 am To works without being asked password at no time did the lock without relating to a group (no authentication required).
Only release was made by AD user group. The Access Policy looked like this: 3 filter using 'social_networks_rules' GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com social_networks_group Always ANY 4 Access denied GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com .linkedin.com Not required Always ANY Thank you all. Title: Re: EFW 3.X & AD asks for User Name / Password Post by: Dumisani on Friday 09 June 2017, 09:32:05 pm Please help i have setup endian community firewall. firewall only shows outgoing mails at mail queue but not for incoming mail.
Title: EFW 3 X AD asks for User Name / Password Post by: Atmotmefe on Tuesday 31 October 2017, 04:50:32 am I used to be able to save my password & user name. Starting today, I cant. Is there something I have to do?
Title: Re: EFW 3.X & AD asks for User Name / Password Post by: cocoalcazar on Thursday 01 March 2018, 03:40:03 am Re: EFW 3.X & AD asks for User Name / Password « Reply #2 on: June 10, 2015, 02:16:23 PM » Reply with quote I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side. NTLM authentication with Windows Vista and Windows 7. The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate: Start ‣ gpedit.msc (run as administrator) Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options Find the configuration option Network Security: LAN MANAGER Authentication Level Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated” After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy. Does this method work? |