Smoothwall Network Guardian on Apple Macs and Windows

[ranj]

Hi

We are looking as Smoothwall Network guardian product to replace our Squid Proxy.

Our setup in school is we have 2 directory systems running, ActiveDirectory for our Windows XP clients and we use Open Directory as an authentication for our Apple Mac 10.5 clients.

I am trying to get my head around how we could authenticate both sets of users using Network Guardian. At the moment with squid this only authenticates with Windows clients and for the Macs we have to use the local authority proxy which allows far more access than we want. For example as a school we block access for students to youtube but because the Macs use the authority proxy they can access it.

With Smoothwall we want to control the access to youtube which I believe we can do with scheduling when student can access it but because of our setup I am not sure how this would work.

I just wanted to know how other schools are using this product with this type of setup. Speaking to Smoothwall they have said that for our Mac users they can be presented with a SSL page prompting for their username and password and it is possible with Smoothwall to lookup at both AD and OD for creditionals.

I would be interested to see how schools with this type of setup or running 2 directory systems have it working with Smoothwall Network Guardian.

Thanks

[DMcCoy]

Our mac users are prompted for their NTLM username and password. This has to be domain\username but can then be saved in the keychain.

[tom_newton]

@Ranj - you may need to upgrade the auth component to the version which supports multiple AD controllers, then use NTLM on one port, and SSL login (or ident) on another. If you havent been granted Auth3 yet, either PM me your details and i'll add it, or wait until ~tomorrow when it goes on general release.

[Ric_]

Not sure why you are using two separate directories for authentication (I use AD for auth on Windows and Mac plus use OD to manage my Macs). IIRC, our users don't get prompted for a password when accessing our smoothie box... if they do, nobody complains about it.

[ranj]

We are currently evaluating smoothwall Network guardian product and having a really weird issue. I have contacted both Smoothwall and Apple enterprise support and still can't figure out the issue.

Our network is setup as explained above, in terms of the networking, our Apple Macs are connected to the same network as our Windows clients and servers and we don't have a VLAN setup.

I am encountering an issue where our Apple clients are not able to ping the smoothwall box. Whether i type the IP address or hostname. whats odd is it is able to do a lookup once when i run the ping command but I dont get repeated relays back to the client to say that it is communicating. The macs are on the same subnet as our windows client.

I thought the issue could be with some management settings on the switch the mac was connected to so brought the Mac back to our office which is connected to a different switch and I have the same problem, whats odd is the my office machine which is windows can connect to the smoothwall box fine and is connected to the same switch.

Our Macs have static IP addresses and this is managed by our Windows DHCP server which has reservations for all the Macs we have. I thought it could be an issue with this so removed a reservation for my test mac, and allowed this mac to get a IP from DHCP dynamically. Still I get the same problem.

I was also suggested to see if it could be the firewall on the Mac which could be preventing it and have checked the firewall settings on our Mac and the firewall is set to 'allow all incoming connections'. Our Macs run 10.5 btw.

the only thing I noticed is when I restart the smoothwall box, after the devices comes back online, the Macs are able to ping successfully to the smoothwall box but then stop after about 2-3 minutes. It seems like during the startup process of the smoothwall box, once it is online and begins starting up the configuration, its get so far in and then the Mac cannot communicate to it anymore.

Can anyone help?

So I am at a loss what the issue could be, basically after talking with smoothwall they are saying the Mac never reaches the smoothwall box, whats odd is if I ping any other device on the network our Mac is fine and ping's successfully and its only the smoothwall box that is playing up.

[tom_newton]

Is it just ping, what about if the mac user tries to access the web interface?
Have you tried different NIC for the Smoothie? Maybe there's something funny there.

[ranj]

Agreed!! Something odd going on here.I have just rebuilt smoothwall onto a physical server rather than a VM and on the macs it seems to be working fine now.

My conclusion is there is some config setup on the smoothwall VM version which we have set which the Macs dont like. Does anyone know how I can 'reset the network settings on smoothwall?

Thanks

[tom_newton]

What exactly are you looking to reset? (pole sana for the delayed response - I'm in Denver, and my usual cover for Edugeek lurkage is in the middle of a moving of house)

[bcsbirmingham]

Hi Ric,

Just trawling the posts re Mac authentication. We are currently in a mixed AD OD situation and are considering authenticating our Macs on AD. Any thoughts or advice about how to go about this?

Thanks