  1. #1


    Smoothwall - more authentication issues for School Guardian

    One step forward... two steps back. Or that's what it feels like with Smoothie at the moment!

    NTLM Auth is now on. All PCs connected to the domain are being filtered perfectly.

    Students' own PCs, which aren't connected to the domain, should get an authentication box in which to enter their network username and password....

    .... problem is some do get the authentication box and some don't - it just hangs with the browser URL http://smoothwall:800/?sgtransntlmde...w.google.co.uk (or whatever their homepage is) and doesn't bring up an authentication box.

    The problem is it works on my non-domain laptop in Firefox, Safari and IE8. For some of the students it works in Firefox, Safari and IE8. For some it won't bring up an auth box in IE8 but will in the other browsers, for some it won't bring up an auth box in any browser....

    Even two guys who have identical laptops with the same OS, and browsers. For one it works, for the other it doesn't....

    Really starting to pull my hair out with this now... it just seems to keep throwing up problems!

    Any suggestions would be gratefully received.

    Cheers
    Adrian

  2. #2
    mb2k01's Avatar
    As a fairly new customer, I am seriously considering moving away from NTLM auth. It has proved to be much more hassle than it is worth. I've had issues with various sites (not least internal Exchange and Moodle access).
    I am assured that the other non-NTLM auth options don't have as many/any associated niggles, so may try core auth instead

  3. #3

    How does Core Auth work... and what does the user have to provide, details-wise?

    I'm toying with switching to SSL redirect and seeing if that works. Downside is that users on PCs that are connected to the domain will have to enter username/password to browse the internet and remember not to close the login page... also how can I sign the https certificate for Smoothwall as that always shows as not being certified... something else for people to have to click on.

  4. #4

    Regarding the certificate for https filtering - you need to deploy this across your network via a GPO so it is a trusted root authority on your clients - it takes 2 minutes to set up and then however long to deploy as the clients are rebooted. No more certificate errors on your clients.

    The chaps at Smoothwall will let you set up a second box for your wireless guests so you can use an alternative authentication method for those users. I too had issues with the pop-up box on some machines.

  5. #5

    Problem is when we have loads of PCs not on the domain, they won't pick up a GPO.

  6. #6

    Then unfortunately you need to either turn off https intercept on the proxy or distribute the certificate somehow to everyone to install on the non-domain machines.

  7. #7

    rob_f's Avatar
    If you're not doing transparent filtering (i.e. you set the proxy in everyone's browsers) try turning off transparent in Guardian > Proxy > Web proxy to see if it improves your non-domain PCs.

    mb2k01 - with regards to your internal sites, have you tried excluding them from going through the proxy via the GPO/browser settings? I believe there was a recent update to facilitate authenticating to another NTLM upstream web server through the proxy when using NTLM, but generally this is unwanted as most people don't want their workstations to automatically auth with any random internet server.
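
The browser-side exclusion rob_f describes above can be expressed as a proxy auto-config (PAC) file. This is an added example, not part of the thread and not Smoothwall's own code; the proxy address `proxy.school.example:8080` and the domain `school.example` are hypothetical placeholders.

```javascript
// Added example. PROXY and INTERNAL_DOMAINS are hypothetical placeholders.
// Written in plain ES3-style JavaScript so older PAC engines can parse it.
var PROXY = "PROXY proxy.school.example:8080";
var INTERNAL_DOMAINS = ["school.example"];  // e.g. moodle.school.example

// True only for the domain itself or a real subdomain (label boundary),
// so "notschool.example" is not treated as internal.
function inDomain(host, domain) {
  var suffix = "." + domain;
  return host === domain || host.slice(-suffix.length) === suffix;
}

// True for RFC 1918 and loopback IPv4 literals. No DNS lookup is made,
// unlike the PAC built-in isInNet().
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return false;   // not a valid address
  }
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase().replace(/\.$/, "");  // normalise case, trailing dot
  // Single-label intranet names (no dot, and not an IPv6 literal) go direct.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isPrivateIPv4Literal(host)) return "DIRECT";
  for (var i = 0; i < INTERNAL_DOMAINS.length; i++) {
    if (inDomain(host, INTERNAL_DOMAINS[i])) return "DIRECT";
  }
  return PROXY;  // everything else is sent to the filtering proxy
}
```

Keeping the internal list to exact domains means workstations only talk directly, and so only attempt automatic NTLM logon without the proxy in between, to hosts you have named.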

  8. #8

    Quote, originally posted by rob_f:
    If you're not doing transparent filtering (i.e. you set the proxy in everyone's browsers) try turning off transparent in Guardian > Proxy > Web proxy to see if it improves your non-domain PCs.

    mb2k01 - with regards to your internal sites, have you tried excluding them from going through the proxy via the GPO/browser settings? I believe there was a recent update to facilitate authenticating to another NTLM upstream web server through the proxy when using NTLM, but generally this is unwanted as most people don't want their workstations to automatically auth with any random internet server.
    Hi Rob

    We are doing transparent I'm afraid... trying to get 290 kids to all set the proxy in their browsers just seems like too much of a nightmare!

  9. #9
    mb2k01's Avatar
    Sorry about the lack of replies, I've been in meetings all day.

    @TheFopp - My understanding of Core auth is that there is a client bit of software required on each PC - which in our circumstance isn't too much of a problem (although less convenient obviously).

    @rob_f - Yep - tried all that. I've spoken to Chris a couple of times and he also said to try putting the addresses as exceptions which looked promising, but I'm still getting strange issues, lately with Moodle etc. I need to re-evaluate the whole config I think as some things just aren't working out how I want them. I am in the office for the whole of tomorrow (rare!) so will give one of you helpful and knowledgeable people a call on the support line.
