Internet Related/Filtering/Firewall Thread, Smoothwall Help in Technical; ...
16th June 2009, 11:44 AM #16
Go to services » authentication » include groups and select the appropriate user groups you want to include. Then go to services » authentication » groups and map the LDAP groups to the Smoothwall group.
This will ensure that all your users are mapped to the appropriate Smoothwall group.
16th June 2009, 01:11 PM #17
18th June 2009, 12:30 PM #18
Yep, you guessed it, another problem!!
90% of my users are appearing as unauthenticated IPs when they get the block page instead of staff or students. I have set up groups called staff and students that match with my AD groups called all staff and all students. Why is it doing this??
Oh, just another quick thing: how can I redirect a webpage to another?? I use a websearch page that provides us with income, so I want to redirect google/yahoo/ask etc. to this page.
Sorry for all the questions, but my Exchange server is dying so I am having such a fun time!!!
18th June 2009, 12:37 PM #19
What authentication type are you using? NTLM? Go to Guardian, then authentication in the GUI, and check the settings in there.
18th June 2009, 12:49 PM #20
I'm using 'NTLM Identification (Terminal Services compatibility mode)'. Is this the right one to be using??
18th June 2009, 01:04 PM #21
I'm just using NTLM identification. It should be OK, I suppose. What about the groups down at the bottom of the page for the web proxy allow? What are your settings in there?
18th June 2009, 01:10 PM #22
Attached is a screenshot of my authentication settings. I have only set the unauthenticated one to be filtered as instead of no, as I was getting whinged at that they couldn't get onto any site!
18th June 2009, 01:17 PM #23
Is there anything different about these 90%? It seems like they are not getting the NTLM challenge. Definitely *unauthenticated IPs* and not default users?
As for redirecting search - look at your custom categories, and create one of type "content security" - the URL security rules in there allow you to use regular expressions to redirect user requests.
18th June 2009, 02:00 PM #24
Attached is a screenshot of the block page I get logged in as my test student. There is nothing different about the users at all; it is affecting staff and students though, so they are obviously different!
18th June 2009, 02:19 PM #25
Have you restarted the smoothwall box? Sometimes ours stops being able to authenticate NTLM, I assume it's something to do with the machine account password expiring in AD.
Originally Posted by DSapseid
Looking at the auth messages in the system log would be a lot more use for diagnostics.
22nd June 2009, 11:29 AM #26
I have restarted the server and still the same! I looked at the logs as suggested but nothing glaringly obvious (well, to me anyway!). However, when I look on the realtime - system page I get the following message appearing every few seconds for different users. I'm assuming this is what the problem is!
Jun 22 10:24:09 s_sys@MCC-SVR-01 dansguardian Reponse from AuthD not marked as OK; this is what we got:
Jun 22 10:27:29 s_sys@MCC-SVR-01 smoothauthd LDAP user search user=poolj002@INTERNAL.MANHOOD.SUSSEX.SCH.UK filter=(userPrincipalName=poolj002@INTERNAL.MANHOOD.SUSSEX.SCH.UK) searchbase=OU=Manhood Community College,DC=Internal,DC=Manhood,DC=Sussex,DC=sch,DC=uk
22nd June 2009, 11:32 AM #27
That looks generally OK. Do you perhaps have a funny NetBIOS name for your network? I say funny, I think it assumes that it is "INTERNAL" based on your LDAP context above.
I'd be inclined to force it to whatever it needs to be under the advanced settings on the auth settings page.
Also, do all your users have username@domain style login names on their account tab in AD? If not, either get them created with something like ADinfinitum or whatever it's called, or tick the Use SAM Account Name in the same advanced auth settings section.
Failing that, feel free to give support a call. We all love a good AD query
22nd June 2009, 11:45 AM #28
No, I don't have a funny NetBIOS name; the NetBIOS name is the 'internal.manhood.sussex.sch.uk' one and domain name is 'mcc'.
All users have a <username>@mcc enabled in AD.
Think I may phone support because I don't want to start messing around with the SAM thing.
22nd June 2009, 11:50 AM #29
There's no response on the Smoothwall number. I ring the 08700 1999 500 number and don't get the woman giving all the options, it just rings. I have held on for over a minute and still nothing!
22nd June 2009, 11:57 AM #30
Hmm, that's strange. Just tried now and it's OK. Give it another go and if it's not working I'll get someone to call you.
Re NetBIOS name, it should be what you see in the domain box on Windows PCs when you log in - it is by default the leftmost portion of the DNS domain name and won't contain any dots.
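Added example, not part of any post in this thread and not Smoothwall code: a small Python check that parses a smoothauthd "LDAP user search" line of the shape quoted in post #26, derives the DNS domain and default NetBIOS name from the search base as described in post #30, and reports whether the searched userPrincipalName exists in a list of UPNs exported from AD. The sample line, host, user and the `directory_upns` input are constructed placeholders.

```python
import re

# Constructed sample modelled on the smoothauthd line quoted in the thread;
# the host, user and domain below are placeholders, not values from the page.
SAMPLE = (
    "Jun 22 10:27:29 s_sys@FW-01 smoothauthd LDAP user search "
    "user=jbloggs@INTERNAL.EXAMPLE.SCH.UK "
    "filter=(userPrincipalName=jbloggs@INTERNAL.EXAMPLE.SCH.UK) "
    "searchbase=OU=Example College,DC=Internal,DC=Example,DC=sch,DC=uk"
)

LINE_RE = re.compile(
    r"smoothauthd LDAP user search user=(?P<user>\S+) "
    r"filter=\((?P<attr>\w+)=(?P<value>[^)]*)\) "
    r"searchbase=(?P<base>.+)$"
)

def parse_search(line):
    """Pull the lookup attribute, value and search base out of one log line."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    # Naive DN split: fine for this log format, not for DNs with escaped commas.
    rdns = [p.strip().split("=", 1) for p in m["base"].split(",") if "=" in p]
    dns = ".".join(v for k, v in rdns if k.upper() == "DC").lower()
    return {
        "attr": m["attr"],
        "value": m["value"],
        "dns_domain": dns,
        # Default NetBIOS domain name: leftmost DNS label, no dots (post #30).
        "default_netbios": dns.split(".")[0].upper(),
    }

def findings(line, directory_upns):
    """Compare the searched UPN with UPNs exported from AD (hypothetical input)."""
    info = parse_search(line)
    if info is None:
        return ["unparsed"]
    out = []
    known = {u.lower() for u in directory_upns}  # AD matches UPNs case-insensitively
    is_upn = info["attr"].lower() == "userprincipalname"
    if is_upn and info["value"].lower() not in known:
        out.append("upn-not-in-directory")
    suffix = info["value"].rpartition("@")[2].lower()
    if suffix != info["dns_domain"]:
        out.append("upn-suffix-differs-from-searchbase-domain")
    return out

if __name__ == "__main__":
    print(parse_search(SAMPLE))
    print(findings(SAMPLE, ["jbloggs@mcc"]))
```
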