  1. #1


    Smoothwall / Lightspeed AD Auth Process

    Hey guys, I hope this hasn't been done to death, but a quick search didn't reveal exactly what I was looking for, and I'm new to filtering management, so here it goes:

    I'm wondering what the user experiences when either Smoothwall or Lightspeed box is set to authenticate with the AD. At the moment, our filtering is managed by our LEA and there's simply one web for all, and very little in the way of reporting. The benefits of AD integration seem pretty great, but I'm wondering how they affect the user.

    I've read somewhere that Lightspeed uses/can use a program that submits logging info silently to the user, effectively making the process invisible - but what if it's a user's device? Will it just default to a login page? This behaviour seems preferable.

    With Smoothwall, is there a way of achieving something similar? I'm a little concerned about the backlash of teachers/office staff suddenly finding a barrier to the internet.

    Also, regarding both, do web sessions time out? Say a member of the office staff wasn't active for an hour, would they have to sign in again? I can see how that would get fairly annoying..

    In an ideal world, the process would be totally invisible to the user on school machines, and it sounds like Lightspeed has that covered. Is Smoothwall making any ground on this front? Is this premise incorrect anyway?

    All info, including links to RTFM (considering I don't have one!) will be greatly appreciated! If it isn't clear, at the moment I have a preference for Smoothwall, but Lightspeed and My Big Campus do sound interesting.

    Thanks, Ed

  2. #2
    robk
    Smoothwall will auth against AD via either NTLM or Kerberos for domain-joined clients (therefore transparent to the user) and a captive portal for non-domain-joined clients. Seems to work well, and be non-intrusive for the end user, and no client to install on the workstations.

    The soon-to-be-released BYOD function of Smoothwall UTM products does the same thing for non-domain-joined clients using 802.1x auth.

  3. #3

    Thanks for the reply. I had no idea about that feature, and it really makes my post quite pointless - though I'd love to know more about how this is accomplished if you could point me in the right direction.

    Am I right in thinking the basic process is that the UTM looks up the host name, connects to the AD and does some trickery to discover who is logged onto it? If so, I'd be interested in knowing how it achieves this - because I have no idea how to do that, and now I feel quite inadequate!

  4. #4


    tom_newton
    Those methods tend to be horribly unreliable. We get the username passed to Smoothwall from the client somehow - proxies are allowed to ask for NTLM and Kerberos auth, and Windows & Mac domain PCs can use the trusted 3rd party (AD) to make sure the conversations are kosher. Otherwise it's either some form of client-side software asking for a password (maybe once, maybe every logon) or a captive portal.

    The new option RobK speaks of leverages 802.1x logins to a wifi system, so we pull the username from there then go to AD for group membership.
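
The proxy-requested NTLM/Kerberos authentication described in posts #2 and #4, as an added example that is not part of the thread and not Smoothwall's or Lightspeed's code: it classifies `Proxy-Authenticate` / `Proxy-Authorization` header values so you can see whether a client answered with Kerberos, fell back to NTLM, or was offered a non-integrated scheme. The function name `classify_proxy_auth` and all sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}
# DER-encoded OID bodies for Kerberos 5 (standard, and the legacy Microsoft variant).
KRB5_OIDS = (b"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02",
             b"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")

def classify_proxy_auth(value):
    """Return (scheme, mechanism) for a Proxy-Authenticate/Proxy-Authorization value."""
    parts = value.strip().split(None, 1)
    if not parts:
        return ("", "empty")
    scheme = parts[0].lower()
    if scheme not in ("ntlm", "negotiate"):
        return (scheme, "not-integrated")      # e.g. Basic: the user sees a password prompt
    if len(parts) == 1:
        return (scheme, "offer")               # bare scheme in the proxy's 407 response
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return (scheme, "invalid-base64")
    pos = token.find(NTLMSSP)                  # raw NTLM, or NTLM wrapped in SPNEGO
    if pos != -1 and len(token) >= pos + 12:
        # The 4-byte little-endian message type follows the 8-byte signature.
        (msg_type,) = struct.unpack_from("<I", token, pos + 8)
        return (scheme, "ntlm-" + NTLM_TYPES.get(msg_type, "unknown"))
    if any(oid in token for oid in KRB5_OIDS):
        return (scheme, "kerberos")
    return (scheme, "unknown")

def _b64(raw):
    return base64.b64encode(raw).decode("ascii")

# Constructed sample tokens: headers only, length fields not meaningful, no real credentials.
NTLM_TYPE1 = _b64(NTLMSSP + struct.pack("<II", 1, 0x00088207))
NTLM_TYPE3 = _b64(NTLMSSP + struct.pack("<I", 3) + b"\x00" * 52)
KRB_TOKEN = _b64(b"\x60\x82\x01\x00\x06\x06\x2b\x06\x01\x05\x05\x02"
                 b"\xa0\x0d\x30\x0b\x06\x09" + KRB5_OIDS[0])

# Constructed exchange: the proxy offers both schemes, then clients respond.
SAMPLE_EXCHANGE = [
    ("proxy", "Negotiate"), ("proxy", "NTLM"),
    ("client", "Negotiate " + KRB_TOKEN),
    ("client", "NTLM " + NTLM_TYPE1), ("client", "NTLM " + NTLM_TYPE3),
    ("client", "Basic dXNlcjpwYXNz"),
]

if __name__ == "__main__":
    for sender, value in SAMPLE_EXCHANGE:
        print(sender, classify_proxy_auth(value))
```

A `Negotiate` header whose token contains `NTLMSSP` means the client negotiated down to NTLM inside SPNEGO, which is worth tracking separately from clients that present a Kerberos token.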

  5. #5
    Jona
    Does anyone have an estimated release date for this feature in Smoothwall? We're currently evaluating whether Lightspeed or Smoothwall would provide the best user experience for our users, and integration with our existing 802.1x would be a killer feature.
    Last edited by Jona; 6th May 2013 at 08:17 PM.

  6. #6
    Eappariello
    Quote Originally Posted by Driftingashore View Post
    Hey guys, I hope this hasn't been done to death, but a quick search didn't reveal exactly what I was looking for, and I'm new to filtering management, so here it goes:

    I'm wondering what the user experiences when either Smoothwall or Lightspeed box is set to authenticate with the AD. At the moment, our filtering is managed by our LEA and there's simply one web for all, and very little in the way of reporting. The benefits of AD integration seem pretty great, but I'm wondering how they affect the user.

    I've read somewhere that Lightspeed uses/can use a program that submits logging info silently to the user, effectively making the process invisible - but what if it's a user's device? Will it just default to a login page? This behaviour seems preferable.

    With Smoothwall, is there a way of achieving something similar? I'm a little concerned about the backlash of teachers/office staff suddenly finding a barrier to the internet.

    Also, regarding both, do web sessions time out? Say a member of the office staff wasn't active for an hour, would they have to sign in again? I can see how that would get fairly annoying..

    In an ideal world, the process would be totally invisible to the user on school machines, and it sounds like Lightspeed has that covered. Is Smoothwall making any ground on this front? Is this premise incorrect anyway?

    All info, including links to RTFM (considering I don't have one!) will be greatly appreciated! If it isn't clear, at the moment I have a preference for Smoothwall, but Lightspeed and My Big Campus do sound interesting.

    Thanks, Ed
    You have it about right for Lightspeed. We prefer to use client-side agents for accuracy and speed, plus some other benefits. When a device doesn't have this method, most customers prefer to fall back to web authentication, although other options can be used.
    Host machines with agents do not time out, as the agent monitors logon, logout or fast user switching events transparently; web-authenticated clients can manually log out, or time out. The length of the authentication session can be defined by User, User OU, or Group.
    MyBigCampus is linked to the filter; when it comes to making life easier and getting the right content to staff and students, MBC is key.

    Hope that helps
    Simon

  7. #7


    tom_newton
    Quote Originally Posted by Jona View Post
    Does anyone have an estimated release date for this feature in smoothwall? We're currently evaluating whether lightspeed or smoothwall would provide the best user experience for our users and integration with our existing 802.1x would be a killer feature.
    It's slated to be in the early June release. I'm not PO on that project, but AFAIK it's on track and in beta with some customers, @robk included.

  8. #8

    I actually like having the audit trail which the Lightspeed client gives you.

    A few times we've been asked in the past "I need to know who was sat at x machine at y time" and I wouldn't have been able to tell them particularly easily. I can now, which is useful.


  9. #9
    robk
    @RTFM does the machine event log not tell you that anyway?

  10. #10

    Quote Originally Posted by robk View Post
    @RTFM does the machine event log not tell you that anyway?
    Is it easier to do that or check a report in LS (if the machine is off, for example, you can't manage it so you'll have to manually go to it etc)? I find it much easier to see the report in LS and I can tell everything about the user from one place.

    Just looking at the trail on my machine and it appears to miss off a lot of logoffs, the LS report has them on with a time associated to them too.

    Certainly not the be all and end all when it comes to which filter to purchase, but I've found it useful since we have trialled and installed LS.
    Last edited by RTFM; 7th May 2013 at 08:16 AM.

  11. #11


    tom_newton
    The same report is available on Smoothwall, but will give different answers depending on login methods (e.g. NTLM would tell you only from the time a user started browsing).
