Internet Related/Filtering/Firewall Thread, Smoothwall Help in Technical
15th June 2009, 07:42 AM #1
I have just bought Smoothwall SchoolGuardian and have got it all installed nicely, but I can't get the damn LDAP connection working properly. I am 90% sure I have my settings correct, and I have applied the changes and rebooted the server.
Settings I have got are below:
primary server : <servername>.internal.manhood.sussex.sch.uk
secondary server : <servername>.internal.manhood.sussex.sch.uk
kerberos realm: INTERNAL.MANHOOD.SUSSEX.SCH.UK
server user: administrator@INTERNAL.MANHOOD.SUSSEX.SCH.UK
LDAP Port: 389
User root: OU=Manhood Community College,DC=Internal,DC=Manhood,DC=Sussex,DC=sch,DC=uk
The OU Manhood Community College is my top level OU in AD.
What have I got wrong?
15th June 2009, 08:31 AM #2
Instead of the administrator user, try creating a new user who is a domain admin (and hasn't got the password set to expire).
The administrator user often does not have a Windows 2000 style user@domain login name. Hence it cannot be used in this step.
If you find that your users don't have this style login name (on the accounts tab of their account properties), tick the "use SAM account name" underneath advanced. However the user in this first step in connecting to the directory must have both style usernames.
Hope this helps, if not feel free to let me know!
15th June 2009, 08:39 AM #3
I have created a new account called smoothwall and changed it but it still won't connect. On the Authentication -> Control page the only ones that are running are 'Authentication Service' and 'Authentication Service Local'. All the others are closed!
15th June 2009, 08:47 AM #4
Is the time set the same on the Smoothwall box? This will stop communication between Active Directory and Smoothwall.
Thanks to krisd32 from:
tom_newton (15th June 2009)
15th June 2009, 09:44 AM #5
The time is an hour fast, but whenever I change it and then reboot it resets itself!
15th June 2009, 09:49 AM #6
Yeah, I have this issue but don't generally need to restart it too often, only when the updates are applied. Just need to remember that it needs resetting every time. Have you tried it with the correct time? Does it help with the issue at all?
15th June 2009, 09:49 AM #7
Have you configured the system to get the time with NTP? Under system » preferences » time make sure you have set the correct time zone and then tick the box to enable network time retrieval.
Get the time set correctly first, otherwise you'll never get Kerberos to work.
Thanks to mounters from:
tom_newton (15th June 2009)
15th June 2009, 10:00 AM #8
I have set the time manually and still no luck.
15th June 2009, 10:17 AM #9
All working now. I hadn't set the DNS servers on the internal NIC.
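A pre-flight check for the two causes that came up in this thread (clock skew and unresolvable directory servers), plus a consistency check of the settings, as an added example that is not part of any post and not Smoothwall code. The config keys, host names, `preflight` and `no_dns` are hypothetical, the sample values are constructed, and the five-minute limit is Active Directory's default Kerberos tolerance.

```python
import socket
from datetime import datetime, timedelta

MAX_SKEW = timedelta(minutes=5)  # default AD Kerberos clock-skew tolerance

def dn_to_domain(dn):
    """Join the DC= components of a distinguished name into a DNS domain."""
    pairs = (part.partition("=") for part in dn.split(","))
    return ".".join(v.strip() for k, _, v in pairs if k.strip().upper() == "DC").lower()

def preflight(cfg, local_time, dc_time, resolve=socket.getaddrinfo):
    """Return the problems that would stop a Kerberos/LDAP directory connection."""
    problems = []
    realm = cfg["realm"]
    if realm != realm.upper():
        problems.append("realm is not upper case")
    if cfg["user"].rpartition("@")[2] != realm:
        problems.append("server user is not in the form user@REALM")
    if dn_to_domain(cfg["user_root"]) != realm.lower():
        problems.append("User root DC= components do not match the realm")
    for host in sorted({cfg["primary"], cfg["secondary"]}):
        try:
            resolve(host, cfg["port"])  # fails when no DNS servers are set
        except OSError:
            problems.append(f"cannot resolve {host}: check the DNS servers")
    skew = abs(local_time - dc_time)
    if skew > MAX_SKEW:
        problems.append(f"clock skew {skew} exceeds {MAX_SKEW}")
    return problems

# Constructed sample values (hypothetical names, not the poster's real settings).
SAMPLE = {
    "primary": "dc1.internal.example.sch.uk",
    "secondary": "dc1.internal.example.sch.uk",
    "realm": "INTERNAL.EXAMPLE.SCH.UK",
    "user": "smoothwall@INTERNAL.EXAMPLE.SCH.UK",
    "port": 389,
    "user_root": "OU=Example College,DC=Internal,DC=Example,DC=sch,DC=uk",
}

def no_dns(host, port):
    """Stand-in resolver for a box with no DNS servers configured."""
    raise socket.gaierror("no DNS servers configured")

if __name__ == "__main__":
    dc_now = datetime(2009, 6, 15, 9, 44)  # constructed timestamp
    for problem in preflight(SAMPLE, dc_now + timedelta(hours=1), dc_now, no_dns):
        print("FAIL:", problem)
```

With the settings themselves consistent, the run reports only the DNS failure and the one-hour skew, which is why correcting the clock alone did not bring the connection up.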
15th June 2009, 10:17 AM #10
This is my settings page.
15th June 2009, 10:40 AM #11
Check to see if your time settings are the same as attached. Set them as this, click save, then "get time now". Hopefully that should make it always right. If running on a virtualisation platform, you may want to increase the network time retrieval frequency if you are seeing gradual time skew issues.
15th June 2009, 10:42 AM #12
Thanks folks - you seem to have managed to sort things before my coffee kicked in!
Does sound like a GMT/DST issue if you are an hour out... what does the BIOS think it is doing?
For other "smaller" timing issues, Smoothie will shortly be changed to grab an ntp update on boot.
16th June 2009, 10:04 AM #13
Right, after getting this problem fixed yesterday I now have another! I have set the filtering rules to be block everything for all groups but it's still letting you through (I'm typing this now going through it when I supposedly have blocked all web traffic!)
I have attached a screenshot of my filtering rules; as you can see I have disabled all of them apart from the block everything for all groups one. I only did this to see if the rules were overlapping and having a fight.
I have set the proxy correctly in IE.
16th June 2009, 10:14 AM #14
Are you perhaps in the network administrators group, which by default is unfiltered? See Guardian > Authentication > Settings toward the bottom of the page.
Do you see your browsing in the logs (Information > Realtime > Web Filter or Information > Logs > Web Filter) and if so does it say "Exception" or similar next to it? This would again indicate the above. No log entries would mean you're not using the filter at all.
Thanks to rob_f from:
DSapseid (16th June 2009)
16th June 2009, 10:18 AM #15
Have you created groups in AD to map across to the filter? I'm not at the high school today but I can send you over a manual that I created when I set all my stuff up if you want.