diggory (6th March 2009)
Check an account which is showing up as unauthenticated. I bet you will find the AD user settings are not completed. All users should have a Windows 2000 style user logon name (firstname.lastname@example.org, top box of Account tab). As Rob mentioned just above, this is needed for both admin and users who are going to be browsing via SmoothWall.
Last edited by paul; 11th February 2009 at 09:02 AM.
diggory (6th March 2009)
Yes, you're right (apart from the fact that I'm not Tom, but whilst he's on holiday I may as well be... ) however we've recently added a little ticky box on Services > Authentication > Settings > Advanced called "SAM Account Name" that should allow you to authenticate users that don't have the aforementioned username type. Check with support if you've any queries around this, as I haven't had chance to try it out myself. Having said that, make sure anyway that the user you are using to connect to AD on the auth settings page has both types of username.
I've had the same problem and thanks to this post and a few calls, I found that quite a few of my users didn't have the post-2000 user@domain login field. Sorted it out with an Active Directory utility (Ad Infinitum) this afternoon and now I'm getting domain users in the correct SmoothWall groups using NTLM identification.
Phew! - I should have checked my user accounts a little more carefully...
contink (31st March 2009)
Select from: OU
Task: Set a property
Locate the user(s) you want to change
Property to set: UPN
Property value: %email@example.com
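The same audit and fix done with the ActiveDirectory PowerShell module, as an added example that is not part of the original thread. The OU path, the UPN suffix and the choice of sAMAccountName@suffix as the new UPN are assumptions to adjust for your domain.

```powershell
# Added example: find accounts with no userPrincipalName and optionally set one.
# Requires the ActiveDirectory module (RSAT). Default values below are placeholders.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SearchBase = 'OU=Staff,DC=example,DC=local',  # assumed OU
    [string]$UpnSuffix  = 'example.local',                 # assumed UPN suffix
    [switch]$Fix                                           # without this, report only
)

Import-Module ActiveDirectory

# LDAP filter: user objects where the userPrincipalName attribute is absent.
$missing = @(Get-ADUser -SearchBase $SearchBase -LDAPFilter '(!(userPrincipalName=*))')

Write-Host ("{0} account(s) without a UPN under {1}" -f $missing.Count, $SearchBase)
$missing | Select-Object SamAccountName, Enabled, DistinguishedName |
    Format-Table -AutoSize

if (-not $Fix) { return }

foreach ($user in $missing) {
    # Assumed naming rule: reuse the pre-Windows 2000 logon name as the UPN prefix.
    $upn = '{0}@{1}' -f $user.SamAccountName, $UpnSuffix

    # Skip if another account already holds this UPN; duplicates make logons ambiguous.
    # (Assumes the logon name contains no LDAP filter metacharacters such as parentheses.)
    $clash = Get-ADUser -LDAPFilter "(userPrincipalName=$upn)"
    if ($clash) {
        Write-Warning "$upn is already used by $($clash.DistinguishedName); skipping $($user.SamAccountName)"
        continue
    }

    # Set-ADUser honours -WhatIf / -Confirm passed to this script.
    Set-ADUser -Identity $user -UserPrincipalName $upn
    Write-Host "Set UPN $upn on $($user.SamAccountName)"
}
```

Run it without switches to get the report, then with `-Fix -WhatIf` to preview the changes before applying them with `-Fix` alone.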
I'm coming up against the same problem in Network Guardian 2008. Our usernames are in the format firstinitial.lastname (e.g. f.nurk for Fred Nurk), and in Active Directory that appears as:
Code:
User logon name: f.nurk @domain.ext
where @domain.ext is in the drop-down box.
If I understand correctly, what you guys are doing is changing the User logon name to 'firstname.lastname@example.org', which would look like this:
Code:
User logon name: firstname.lastname@example.org @domain.ext
Have I got that right? If so, doesn't their username display as 'email@example.com@domain.ext'?
Thanks for any help you can provide.
Thanks diggory, that's exactly what we've got as well - yet this problem keeps happening!
I don't see anything immediately wrong, but then I haven't had my coffee yet. Let me get some nice Kenyan stuff in the pot, and I'll grab RF, and have a look at this.
Sorry I didn't get chance to sort this yesterday evening.
dgordon - everything looks fine with your usernames, basically top two boxes are user and @domain and next two Netbios domain name then user.
The system assumes that your Netbios domain name (i.e. the domain name you usually see in the windows logon box on a workstation) is the same as your DNS domain name up to the first dot (e.g. netbios domain name = school, DNS domain name = school.grid.sch.uk). If this isn't the case then you might need to specify it separately in the authentication settings. However if this isn't right then using NTLM Auth will fail straight away and the proxy won't be able to join the domain.
If user@domain is missing generally you see people being authenticated, but no groups found which causes them to go to Default Users. You should be able to see this usually in the authentication logs. Do you have Default Users turned on, as if you don't it may be then falling back to Unauthenticated IPs. Having said that, Use SAMAccountName should avoid that anyway by not using the @domain part of the username.
I see Linkazoid has a ticket open with support on a different issue, you might want to hijack it with this one too and see what they reckon. Same for dgordon, if you can't get anywhere with this feel free to call in.
Thanks for your reply. We do not currently have support with SmoothWall - is this something that we would need to purchase support for, or would it be classed by SmoothWall as a bug that needs a fix?
@dgordon: call it in anyway - and we will look at it!
Also - looks like you are with Custom Tech of Sydney. They should be able to help more directly. Talk to Gordon Hubbard or Judi Dey there.
Last edited by tom_newton; 23rd February 2010 at 08:33 AM.
We had a similar problem recently. We had to enable the SAM Account name option to get it to work. (services>>authentication>>settings>>advanced)
linkazoid: Are you still experiencing this problem? From what we can tell, it's only happening to sites that are on one of our custom lists (for example, youtube.com is on a staff-only allow custom list). Does that sound like the same thing that's happening for you?