Welcome, Guest. Please login or register.
Did you miss your activation email?
November 23, 2017, 01:42:41 AM

Login with username, password and session length

Visit the Official Endian Knowledge Base  HERE
13543 Posts in 4160 Topics by 5268 Members
Latest Member: Khmart
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  EFW 3.X & AD asks for User Name / Password
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW 3.X & AD asks for User Name / Password  (Read 4278 times)
Manit
Jr. Member
*
Offline Offline

Posts: 1


« on: May 19, 2015, 11:25:34 PM »

Dear All,

I'm EFW fan and I've been using it since very long (can't remember how long).
I deployed to my small size network customers without any problem for many years.

Here are my standard configuration:
1. Windows Server 2008 as AD with INTERNET_USERS_GROUP pre-defined on AD.
2. EFW joined to AD / client access to the internet via proxy with NTLM + Web Filter + Access Policy
3. on EFW Web Filter / Page Filter I've 'TURN-ON' some un-related to office work categories on  such as "Chat, Games, Hacking & Warez"  etc.  

But as far as I'm testing on EFW 3 including the latest one "EFW-COMMUNITY-3.0.5-beta1-devel-201504071248.iso"

Problem :
"Sometime" at user client PC the Authentication user log-on screen just pops up and asks for User Name & Password.
Since I've tested, seem like it pops up when user go to some blocked sites (defined on Web Filter).

I'm facing on this problem since version 3 released and can't get issue resolve.

Please help.

Thank You
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #1 on: May 20, 2015, 04:19:54 AM »

Have experienced that... very annoying.  It actually stops you from loading an allowed page if you try to subsequently.  I switched to LDAP and it solved that and a  other problems.
Logged
burja2
Jr. Member
*
Offline Offline

Posts: 8


« Reply #2 on: June 10, 2015, 02:16:23 PM »

I've seen something written in the reference manual regarding a setting to be altered in group policies (gpedit.msc) to address an issue similar to the one you are describing on client side.

NTLM authentication with Windows Vista and Windows 7.

The HTTP Proxy in the Endian UTM Appliance uses negotiated NTLMv2, while both Windows Vista and Windows 7 allow by default only straight NTLMv2. As a result, a client installing those operating systems may fail to authenticate to the HTTP proxy even when supplying the correct credentials. The following changes to the client configuration are required to correctly authenticate:

        Start ‣ gpedit.msc (run as administrator)
        Go to: Computer configuration ‣ Windows Settings ‣ Security Settings ‣ Local Policies ‣ Security Options
        Find the configuration option Network Security: LAN MANAGER Authentication Level
        Select the value “Send LM * NTLM - use NTLMv2 session security if negotiated”

After applying these changes the client browser should correctly authenticate using the AD Login Name / Credentials for the HTTP Proxy.
Logged
Juarez1972
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: July 06, 2015, 11:46:23 PM »

I have the same problem. I tried it and don't works. I tried too:
# chgrp squid /var/cache/samba/winbindd_privileged
# chmod 750 /var/cache/samba/winbindd_privileged
and don't works.
Some machines are linux and some Windows is standalone. Everething ask for password if user is not in the group that have permissions.
I tried change de rules order but don't run too. The problem is the Access Policy rules.
Somebody can help me?
Logged
Juarez1972
Jr. Member
*
Offline Offline

Posts: 4


« Reply #4 on: July 14, 2015, 06:46:57 AM »

To works without being asked password at no time did the lock without relating to a group (no authentication required).
Only release was made by AD user group.
The Access Policy looked like this:
3 filter using 'social_networks_rules' GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com social_networks_group Always ANY
4 Access denied GREEN .facebook.com .youtube.com .twitter.com .pinterest.com .netflix.com .ytimg.com .linkedin.com Not required Always ANY
Thank you all.
Logged
Dumisani
Jr. Member
*
Offline Offline

Posts: 2


« Reply #5 on: June 09, 2017, 09:32:05 PM »

Please help i have setup endian community firewall. firewall only shows outgoing mails at mail queue but not for incoming mail.
Logged
Atmotmefe
Jr. Member
*
Offline Offline

Gender: Male
Posts: 6


« Reply #6 on: October 31, 2017, 04:50:32 AM »

I used to be able to save my password & user name.  Starting today, I cant.  Is there something I have to do?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.081 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com