+ Post New Thread
Results 1 to 7 of 7
Internet Related/Filtering/Firewall Thread, Netsweeper - Tearing my hair out in Technical; Evening, Not sure anyone can help but I'll cross my fingers. Here we go.... for the past two/three years the ...
  1. #1

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,309
    Thank Post
    973
    Thanked 326 Times in 194 Posts
    Blog Entries
    11
    Rep Power
    170

    Netsweeper - Tearing my hair out

    Evening,

    Not sure anyone can help but I'll cross my fingers.

    Here we go.... for the past two/three years the LEA have been using Netsweeper as their preferred filtering solution. It was put in to replace Websense which wasn't really doing the job. So the LEA and Netsweeper cobbled together something and all was good. From what I gather it was put behind an ISA box and a special plug-in written. This plug-in kept crashing due to memory leaks and the LEA started looking for something else.

    They have now moved over to the Squid version of Netsweeper and it isn't working properly. Browsing the web is fine in IE and Firefox but the moment you want to use a plug in such as Java (e.g. to access yousrc.com ) or if you want to use a piece of software such as iTunes or gotomeeting then you are immediately challenged with an authentication box (see picture attached). The LEA are at a loss. Entering credentials are not working.

    I've contacted Netsweeper and they have asked for the squid.conf file - which I do not have as I don't have access to the Netsweeper boxes.

    Has anyone seen this before? Would anyone have any idea what changes I could ask the LEA to make? It's affecting lessons as we cannot teach our Java lesson (again using yousrc.com). I've asked the LEA for the squid.conf file but I very much doubt they would give it to me. Netsweeper (in their defence) are helping me even though the support contract is with the LEA. I'm bypassing the normal channels because nothing is happening.

    If anyone has any ideas I'd love to here them.

    Many thanks

    Garethtony.jpg

  2. #2

    Join Date
    Nov 2011
    Location
    Manchester
    Posts
    59
    Thank Post
    3
    Thanked 23 Times in 15 Posts
    Rep Power
    10
    I've seen things vaguely similar, in particular with iTunes. The addresses/URLs needed adding to the Default Subnet Policy, as well as the Staff/Student policy as it was trying to authenticate to the NetSweeper as the machine rather than the user. It's been a while since I've dealt with it though.

  3. Thanks to Jonah from:

    garethedmondson (2nd February 2012)

  4. #3

    garethedmondson's Avatar
    Join Date
    Oct 2008
    Location
    Gowerton, Swansea
    Posts
    2,309
    Thank Post
    973
    Thanked 326 Times in 194 Posts
    Blog Entries
    11
    Rep Power
    170
    Quote Originally Posted by Jonah View Post
    I've seen things vaguely similar, in particular with iTunes. The addresses/URLs needed adding to the Default Subnet Policy, as well as the Staff/Student policy as it was trying to authenticate to the NetSweeper as the machine rather than the user. It's been a while since I've dealt with it though.
    Not entirely sure what you mean. I've added some of the urls to the allow policy. *.yousrc.com etc - still isn't working.

    Gareth

  5. #4


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    Java doesn't play nice with proxy authentication, in general. Would suggest the LEA need to exclude those domains from being authenticated. It is not a hard thing to do in squid, and if netsweeper can't help them fix it...

  6. Thanks to tom_newton from:

    garethedmondson (2nd February 2012)

  7. #5

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,086
    Thank Post
    123
    Thanked 533 Times in 357 Posts
    Blog Entries
    2
    Rep Power
    336
    I'm guessing you're using Kerberos?

    OK, unless you get NTLM + basic authentication working (and as it happens I'm working on that problem with Squid), you can allow an exception in your squid.conf for java.
    I'll post the exception tomorrow. It works for itunes, too.

    Be careful doing this though, I'll explain by PM if you like as there's a massive security hole.
    Last edited by jinnantonnixx; 1st February 2012 at 10:51 PM.

  8. Thanks to jinnantonnixx from:

    garethedmondson (2nd February 2012)

  9. #6

    Join Date
    Aug 2011
    Location
    London
    Posts
    6
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Gareth, can you PM me your details and we will get this resolved? We've been running NTLM and Kerberos authentication in other regions. No doubt we'll have to go back to the LA with it however that's no big issue wf we know what the challenge is.

    James

  10. #7

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,086
    Thank Post
    123
    Thanked 533 Times in 357 Posts
    Blog Entries
    2
    Rep Power
    336
    You could try this in your squid.conf

    acl AgentsNoAuth browser Java/ iTunes NSPlayer/
    http_access allow AgentsNoAuth

    then further down where you have your re-writes:

    url_rewrite_access deny AgentsNoAuth

    Edit: I've just re-read your post and you say you don't have access to the squid config. I don't know what to suggest in this case. I don't think there's anything you can do at your end.
    Last edited by jinnantonnixx; 2nd February 2012 at 01:07 PM.



SHARE:
+ Post New Thread

Similar Threads

  1. Tearing my hair out over folder permissions in 2008
    By swpmre in forum Windows Server 2008
    Replies: 16
    Last Post: 15th September 2011, 09:44 AM
  2. Moodle SSO - tearing my hair out!
    By jgcracknell in forum Virtual Learning Platforms
    Replies: 6
    Last Post: 18th April 2011, 02:05 PM
  3. Frog - Slow ! Pulling my hair out
    By FragglePete in forum Virtual Learning Platforms
    Replies: 21
    Last Post: 20th September 2010, 08:58 PM
  4. Help needed (before I pull my hair out :) )
    By Talorin in forum General Chat
    Replies: 13
    Last Post: 29th June 2009, 10:26 AM
  5. AFP Automount - tearing my hair out over it
    By sidewinder in forum Mac
    Replies: 2
    Last Post: 4th November 2008, 11:34 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •