Internet Related/Filtering/Firewall Thread, Smoothwall Help in Technical; I have just bought smoothwall SchoolGuardian and have got it all installed nicely but i cant get the damn LDAP ...
I have just bought smoothwall SchoolGuardian and have got it all installed nicely but i cant get the damn LDAP connection working properly I am 90% sure i have my settings correct but and have applied the changes and rebooted the server.
Settings i have got are below:
primary server : <servername>.internal.manhood.sussex.sch.uk
secondary server : <servername>.internal.manhood.sussex.sch.uk
kerberos realm: INTERNAL.MANHOOD.SUSSEX.SCH.UK
server user: administrator@INTERNAL.MANHOOD.SUSSEX.SCH.UK
LDAP Port: 389
User root: OU=Manhood Community College,DC=Internal,DC=Manhood,DC=Sussex,DC=sch,DC =uk
The OU Manhood Community College is my top level OU in ad.
Instead of the administrator user, try creating a new user who is a domain admin (and hasn't got the password set to expire).
The administrator user often does not have a windows 2000 style user@domain login name. Hence cannot be used in this step.
If you find that your users don't have this style login name (on the accounts tab of their account properties), tick the "use SAM account name" underneath advanced. However the user in this first step in connecting to the directory must have both style usernames.
I have created a new account called smoothwall and changed it but it still wont connect. On the Authentication -> Control page the only ones that are running are 'Authentication Service' and 'Authentication Service Local'. All the others are closed!
Yeah i have this issue but don't generally need to restart it too often only when the updates are applied. just need to remember that it needs resetting everytime. have you tried it with the correct time? does it help with the issue at all?
Have you configured the system to get the time with ntp. Under system » preferences » time make sure you have set the correct time zone and then tick the box to enable network time retrieval.
Get the time set correctly first, otherwise you'll never get Kerberos to work.
Check to see if your time settings are the same as attached. Set them as this, click save, then "get time now". Hopefully that should make it always right. If running on a virtualisation platform, you may want to increase the network time retrieval frequency if you are seeing gradual time skew issues.
Right after getting this problem fixed yesterday i now have another! I have set the filtering rules to be block everything for all groups but its still letting you through (im typing this now going through it when i supposedly have blocked all web traffic!)
I have attached a screenshot of my filtering rules, as you can see i have disabled all of them apart from the block everything for all groups one. I only did this to see if the rules were overlapping and having a fight.
Are you perhaps in the network administrators group which by default is unfiltered - see Guardian > Authentication > Settings toward the bottom of the page.
Do you see your browsing in the logs (Information > Realtime > Web Filter or Information > Logs > Web Filter) and if so does it say "Exception" or similar next to it? This would again indicate the above. No log entries would mean you're not using the filter at all.
Have you created groups in AD to map accross to the filter? i'm not at the high school today but i can send you over a manual that i created when i set all my stuff up if you want.
LinkBack URL
About LinkBacks
I am 90% sure i have my settings correct but and have applied the changes and rebooted the server.
i hadnt set the dns servers on the internal nic 
