+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
Internet Related/Filtering/Firewall Thread, School Guardian Filtering problem in Technical; Check an account which is showing up as unauthenticated I bet you will find the AD user settings are not ...
  1. #16
    paul's Avatar
    Join Date
    Jun 2005
    Location
    Preston
    Posts
    170
    Thank Post
    2
    Thanked 12 Times in 8 Posts
    Rep Power
    21
    Check an account which is showing up as unauthenticated I bet you will find the AD user settings are not completed all users should have a windows 2000 style user logon name (user@domain.local, top box of account tab). As Rob mentioned just above this is needed for both admin and users who are going to be browsing via smoothwall.
    Last edited by paul; 11th February 2009 at 09:02 AM.

  2. Thanks to paul from:

    diggory (6th March 2009)

  3. #17

    rob_f's Avatar
    Join Date
    May 2008
    Location
    Leeds
    Posts
    224
    Thank Post
    15
    Thanked 73 Times in 56 Posts
    Rep Power
    25
    Yes, you're right (apart from the fact that I'm not Tom, but whilst he's on holiday I may as well be... ) however we've recently added a little ticky box on Services > Authentication > Settings > Advanced called "SAM Account Name" that should allow you to authenticate users that don't have the aforementioned username type. Check with support if you've any queries around this, as I haven't had chance to try it out myself. Having said that, make sure anyway that the user you are using to connect to AD on the auth settings page has both types of username.

  4. #18
    diggory's Avatar
    Join Date
    Sep 2008
    Location
    Bristol
    Posts
    85
    Thank Post
    36
    Thanked 11 Times in 10 Posts
    Rep Power
    13

    User names...

    I've had the same problem and thanks to this post and a few calls, I found that quite a few of my users didn't have post 2000 user@domain login field. Sorted it out with an Active directory utility (Ad Infinitum) this afternoon and now I'm getting domain users in the correct smoothwall groups using NTLM identification

    Phew! - I should have check my user accounts a little more carefully...

  5. Thanks to diggory from:

    contink (31st March 2009)

  6. #19

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,517
    Thank Post
    1,494
    Thanked 1,050 Times in 919 Posts
    Rep Power
    302
    Quote Originally Posted by diggory View Post
    I've had the same problem and thanks to this post and a few calls, I found that quite a few of my users didn't have post 2000 user@domain login field. Sorted it out with an Active directory utility (Ad Infinitum) this afternoon and now I'm getting domain users in the correct smoothwall groups using NTLM identification

    Phew! - I should have check my user accounts a little more carefully...
    I had that the other morning thinking hmmmm why are these handfull being banned as its no internet for unauthenticated and that was why, added the @domain.com bit in and its fine now no issues.

  7. #20
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by diggory View Post
    I've had the same problem and thanks to this post and a few calls, I found that quite a few of my users didn't have post 2000 user@domain login field. Sorted it out with an Active directory utility (Ad Infinitum) this afternoon and now I'm getting domain users in the correct smoothwall groups using NTLM identification
    Just solve my own problem with this and just a tip for using Ad Infinitum, as it took me a while to suss this out.

    Manage Objects
    Manage: Users
    Select from: OU
    Task: Set a property
    Locate the user(s) you want to change
    Property to set: UPN
    Property value: %username%@domain.foo

  8. #21

    Join Date
    Feb 2010
    Location
    Sydney, NSW, AU
    Posts
    20
    Thank Post
    3
    Thanked 3 Times in 2 Posts
    Rep Power
    10
    Hi guys,
    I'm coming up against the same problem in Network Guardian 2008. Our usernames are in the format firstinitial.lastname (e.g. f.nurk for Fred Nurk), and in Active Directory that appears as:

    Code:
    User logon name:
    f.nurk                  @domain.ext
    where @domain.ext is in the drop-down box.

    If I understand correctly, what you guys are doing is changing the User logon name to 'f.nurk@domain.ext', which would look like this:

    Code:
    User logon name:
    f.nurk@domain.ext       @domain.ext
    Have I got that right? If so, doesn't their username display as 'f.nurk@domain.ext@domain.ext'?

    Thanks for any help you can provide.

    Cheers,
    Daniel

  9. #22
    diggory's Avatar
    Join Date
    Sep 2008
    Location
    Bristol
    Posts
    85
    Thank Post
    36
    Thanked 11 Times in 10 Posts
    Rep Power
    13
    Quote Originally Posted by dgordon View Post
    Hi guys,
    I'm coming up against the same problem in Network Guardian 2008. Our usernames are in the format firstinitial.lastname (e.g. f.nurk for Fred Nurk), and in Active Directory that appears as:

    Code:
    User logon name:
    f.nurk                  @domain.ext
    where @domain.ext is in the drop-down box.

    Cheers,
    Daniel
    That should already be correct. I've attached an example shot of an old account from our AD, which is setup ok for smoothwall. Where the username is
    Code:
    student1
    See below...
    Attached Images Attached Images

  10. #23

    Join Date
    Feb 2010
    Location
    Sydney, NSW, AU
    Posts
    20
    Thank Post
    3
    Thanked 3 Times in 2 Posts
    Rep Power
    10
    Thanks diggory, that's exactly what we've got as well - yet this problem keeps happening!

  11. #24
    linkazoid's Avatar
    Join Date
    May 2007
    Location
    London
    Posts
    645
    Thank Post
    119
    Thanked 89 Times in 73 Posts
    Rep Power
    78
    Just going to mention that we're also having the same problem as the post above....

    I opened a thread and then got pointed to this one..


    My Thread


    Michael

  12. #25


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    I don't see anything immediately wrong, but then I havent had my coffee yet. Let me get some nice kenyan stuff in the pot, and i'll grab RF, and have a look at this.

    Sorry I didn't get chance to sort this yesterday evening.

  13. #26

    rob_f's Avatar
    Join Date
    May 2008
    Location
    Leeds
    Posts
    224
    Thank Post
    15
    Thanked 73 Times in 56 Posts
    Rep Power
    25
    dgordon - everything looks fine with your usernames, basically top two boxes are user and @domain and next two Netbios domain name then user.

    The system assumes that your Netbios domain name (i.e. the domain name you usually see in the windows logon box on a workstation) is the same as your DNS domain name up to the first dot (e.g. netbios domain name = school, DNS domain name = school.grid.sch.uk). If this isn't the case then you might need to specify it separately in the authentication settings. However if this isn't right then using NTLM Auth will fail straight away and the proxy won't be able to join the domain.

    If user@domain is missing generally you see people being authenticated, but no groups found which causes them to go to Default Users. You should be able to see this usually in the authentication logs. Do you have Default Users turned on, as if you don't it may be then falling back to Unauthenticated IPs. Having said that, Use SAMAccountName should avoid that anyway by not using the @domain part of the username.

    I see Linkazoid has a ticket open with support on a different issue, you might want to hijack it with this one too and see what they reckon. Same for dgordon, if you can't get anywhere with this feel free to call in.

  14. #27

    Join Date
    Feb 2010
    Location
    Sydney, NSW, AU
    Posts
    20
    Thank Post
    3
    Thanked 3 Times in 2 Posts
    Rep Power
    10
    Hi Rob,
    Thanks for your reply. We do not currently have support with SmoothWall - is this something that we would need to purchase support for, or would it be classed by SmoothWall as a bug that needs a fix?

    Cheers,
    Daniel

  15. #28


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    @dgordon: call it in anyway - and we will look at it!

    Also - looks like you are with Custom Tech of Sydney. They should be able to help more directly. Talk to Gordon Hubbard or Judi Dey there.
    Last edited by tom_newton; 23rd February 2010 at 08:33 AM.

  16. #29

    JJonas's Avatar
    Join Date
    Jan 2008
    Location
    North Walsham, Norfolk
    Posts
    3,092
    Thank Post
    382
    Thanked 429 Times in 318 Posts
    Rep Power
    383
    We had a similar problem recently. We had to enable the SAM Account name option to get it to work. (services>>authentication>>settings>>advanced)

  17. #30

    Join Date
    Feb 2010
    Location
    Sydney, NSW, AU
    Posts
    20
    Thank Post
    3
    Thanked 3 Times in 2 Posts
    Rep Power
    10
    linkazoid: Are you still experiencing this problem? From what we can tell, it's only happening to sites that are on one of our custom lists (for example, youtube.com is on a staff-only allow custom list). Does that sound like the same thing that's happening for you?

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. School Guardian
    By tldees in forum Wireless Networks
    Replies: 3
    Last Post: 12th June 2008, 05:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •