+ Post New Thread
Results 1 to 9 of 9
Internet Related/Filtering/Firewall Thread, Smoothwall SG in non transparent mode not authenticating users in Technical; I had a bit of a nightmare yesterday with our terminal server farm, for some unknown reason as of yet ...
  1. #1

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22

    Smoothwall SG in non transparent mode not authenticating users

    I had a bit of a nightmare yesterday with our terminal server farm, for some unknown reason as of yet they stopped applying their proxy settings within IE as configured in the GPO locking down the os..

    Anyhow, I battled and battled with this and got nowhere. Ended up setting up a second School Guardian server for these TS servers to run through but in non-transparent mode to get me out of a hole.

    Its working fine apart from I cannot authenticate any users, in the realtime web logs you just see the ip of the TS that each user is on. All the LDAP settings are fine, all green lights under diagnostics in the smoothwall ui and I can browse groups via AD in the web console etc.. set the authentication type to "proxy", "proxy terminal services compatibilty or redirect to SSL login and the students can go on the internet without any pop up asking for credentials..

    Any ideas as I'm stumped now!

    Thanks

  2. #2
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    412
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    41
    Have you got a computer account in AD for the smoothwall box?
    Are the dns entries correct? Needs both the forward and reserve lookup zones to be correct.

  3. #3


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    If you aren't seeing usernames, it's definitely guardian, rather than the auth component.

    Suggest "NTLM authentication (TS Mode)" in guardian/auth/settings

  4. #4

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22


    Shows how tired I was this morning.. I meant this new box is in transparent mode not non transparent.. duh - sorry! So can't choose NTLM auth Could someone please change the title?

    I have set the default gateway of the TS servers to go through this new smoothie as I can't force the proxy settings at the moment in the browser through GPO.

    DNS seems to be setup fine - This smoothwall has an A record and PTR record in the reverse lookup zone. Theres no computer account in AD for the smoothwall though, I didn't think it could join the domain like that??

  5. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    You *should* be able to do NTLM in transparent. It works slightly differently but the end result is the same. Wether you can still do TS mode I am not convinced, but modern TS installs (where each client has its own IP) dont seem to need this.

  6. #6

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22
    Hi Tom

    You cant choose NTLM ident or auth if your in transparent mode. The Smoothwall throws up and error at the top of the page and says its not available in that mode.

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Hm. What version of guardian is it? I distinctly remember helping to design the hack that allows such abhorrent tomfoolery

  8. #8

    Join Date
    Feb 2008
    Posts
    270
    Thank Post
    14
    Thanked 44 Times in 35 Posts
    Rep Power
    22
    Quote Originally Posted by tom_newton View Post
    Hm. What version of guardian is it? I distinctly remember helping to design the hack that allows such abhorrent tomfoolery
    We are using School Guardian 2008 - with all the latest updates applied

  9. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,463
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    I've just done it on '08 here :-/
    (Well, NTLM ident, coz i don't have my test box attached to AD)

    Try the lads in support - they may be able to help you out.

SHARE:
+ Post New Thread

Similar Threads

  1. [PHP] probs authenticating in MRBS
    By bmofcw in forum Web Development
    Replies: 0
    Last Post: 9th September 2009, 07:47 PM
  2. SmoothWall users...
    By tom_newton in forum General Chat
    Replies: 33
    Last Post: 26th February 2009, 08:58 PM
  3. Replies: 1
    Last Post: 22nd May 2008, 07:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •