Authenticaton for AD on Endian 2.5

[Guest]

[Terry.P]

Hi All,

My problem is, that endian 2.5 joined the domain successfully, but when i go to "Access Policy">Add access policy>, choose userbased authentication.
I get "Can't find the AD / LDAP server.
I joined the domain using Windows Active Directory (NTLM).
Can anyone please assist  

[dda]

Review this http://efwsupport.com/index.php?topic=1015.0.  The file you will edit is the winbind.conf.tmpl instead however.

[Terry.P]

Hi dda,

Thanks for the help, I rebuild the Endian FW, and was able to setup my access policy.

My enviroment is server 2008 and a endian firewall.
Is it possible that i can setup these settings using Server 2008  and let the windows server give the dhcp.  I prefer not to use a pac file.

I have read that it is impossible to use a transparent proxy when using the way that i have set it up, this is with proxy authentication.

Please let me know 

[dda]

I personally don't use the DHCP server on EFW.  I have a static ip address which windows DHCP issues as the default gateway.  I dont know if i mentioned this before but I had a lot of problems with non-browser apps (like Antivirus and winduws updates) accessing the internet while using NTLM.  I subsequently updated to LDAP authentication using Microsoft ADAM and now everything works great.  I am not far from being a newbie myself as I have only started using EFW this year, so I had to learn by trial and error.

[aneeshjoseph]

Hi,

After reboot it is not connected to the AD automatically.  I need to add it again to the AD. Any idea ?

I checked the configuration file and the hosts entry. These are not changed , also I can ping to DC  hence not a DNS issue. Any Idea ?

Thanks

[dda]

Did you adjust the winbind.conf.tmpl as mentioned above?

[dda]

@Terry.P you can use the pac file and issue settings though Group Policy, I have only recently started doing this.  I use non-transparent proxy with LDAP authentication on a Windows 2003 SBS/Windows 2008 server envoirment.

[Terry.P]

Hi dda,

My apologies for the late reply.
I used the pac file with non transparent proxy and it worked, but was asked to make it work without a pac and by using a transparent proxy.
but when i use the option with just the transparent proxy, all websites gets blocked.
Any advise

[dda]

Using a pac pushed by the GPO is the best method and will mean that you don't have to manually new machines added to the network.  I am researching the transparent proxy, I remember there being something that does not suit what i wanted to achieve with the transparent proxy.  I believe it is related to authentication but i will verify and get back to you.

[dda]

according to this http://www.efwsupport.com/index.php?topic=2957.0
It looks like you have to allow https traffic in the outgoing firewall and block http if you are using transparent proxy. 

(Make sure that the default firewall rule allowing HTTP is disabled when the HTTP proxy is running, this will make sure no clients can access the web over HTTP directly. HTTPS must be left enabled as the Transparent proxy will not filter for HTTPS sites.)