EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: qwaven on Friday 28 January 2011, 09:55:24 am



Title: Join AD Fails
Post by: qwaven on Friday 28 January 2011, 09:55:24 am
Hello all,

I've just got Endian working and varified that the proxy/content filter does work. I've now tried to join the system to my Microsoft Active Directory domain using the "adjoin" button. I get a big red box saying "failed to join domain" .

Would anyone be able to assist with figuring out why this is failing?

I've already tried various accounts which are domain admins.

Thanks!


Title: Re: Join AD Fails
Post by: davvidde on Tuesday 01 February 2011, 07:03:33 am
Read THIS please and you get goal yourself:
http://kb.endian.com/entry/49/

Davide


Title: Re: Join AD Fails
Post by: qwaven on Tuesday 01 February 2011, 07:33:00 am
Hi,

Thanks for your response. I've actually recently got the AD Join feature to work however authentication fails. When trying to browse to a site I am prompted to username and password which does not get excepted.

Any thoughts?


Title: Re: Join AD Fails
Post by: davvidde on Tuesday 08 February 2011, 09:16:14 am
if AD join works but authentication don't work try this from a ssh console:

squidclient -l 192.168.x.x -p 8080 -u YOURUSER -w YOURPASSWORD http://www.google.com

where -l is the firewall ip from green if you want to test from green, orange and so on..
-p the port where squid is listening to
-u the user you want to test
-w the user password

If doesn't work (it gives you an error), look permissions of: /var/cache/samba/winbindd_privileged

if you get permissions like this
drwxr-x--- 2 root root 4096 feb 04 13:18 winbindd_privileged

then this is the error because it should be owned by root:squid
To correct:

chown -R root:squid /var/cache/samba/winbindd_privileged
chmod -R 750 /var/cache/samba/winbindd_privileged
restartsquid --force


Title: Re: Join AD Fails
Post by: qwaven on Tuesday 08 February 2011, 09:40:04 am

Thanks for the help.

I tried the command and I get what appears to be HTML code. I believe this means its working?

However when trying from a computer I still am prompted for username and password.

Any thoughts?

I am using one cable for the proxy right now. Does this matter? (with auth off I can browse the net fine)

Thanks!


Title: Re: Join AD Fails
Post by: davvidde on Wednesday 09 February 2011, 12:47:48 am
Post more details of your HTTP proxy configuration. Use print screen. Have you looked at file permissions of /var/cache/samba/winbindd_privileged ?


Title: Re: Join AD Fails
Post by: qwaven on Wednesday 09 February 2011, 02:59:36 am
Hello again,

Thanks for the info. Just tried the permissions and I "think" authentication is working now. I can browse sites without being prompted for a password.

However I don't think the block lists are working.  I have most of them enabled or RED and I can still browse to youtube...etc. although if I put in a custom blocked page "facebook.com" this works.

Any ideas? Is it possible to view block lists? Or are these updated?

Thanks!


Title: Re: Join AD Fails
Post by: davvidde on Thursday 10 February 2011, 09:39:43 am
You need a more searching work on this forum because your questions are already posted.
However there isn't a front-end to modify the predefined block lists. You can view it with a normal text editor in /etc/dansguardian/blacklists/<CATEGORIES>/domain ;   There is also a script here http://www.efwsupport.com/index.php?topic=2147.0  that help you to retrieve blacklist from an on line service.
Hope this help you.


Title: Re: Join AD Fails
Post by: qwaven on Friday 11 February 2011, 01:14:56 am

Thanks for all your help. I think I've figured things out now. Still need to do some tweaking I'm sure but otherwise all seems good.

Cheers! :)