Smoothwall Authentication - Safeguarding issue?
Ok, am I over reacting? (Ok, Ok, I know the answer will be yes but bear with me)
We have been having an issue where a lot of requests through our Smoothwall box end up being 407'd, which is proxy authentication required, and no username shown, just an IP. I posted about this and someone mentioned that they get it occasionally if the NTLM handshake plays up, I looked at the logs and this didn't seem to be the issue. I logged a call with Smoothwall and was originally told that this was normal. I've never seen this behaviour before and asked for it to be escalated.
Just had a call from Smoothwall to say this is a known issue with NTLM and Kerberos. If the end host, so the website the user is requesting, doesn't use NTLM or Kerberos authentication then the information isn't sent and the Smoothwall proxy can't ID who the user is. The only way around this is to use SSL authentication, meaning to browse the web every user will have to log on through the web portal. In the 5 years of using Smoothwall I've not come across this, unless something od has happened or a site is in proxy bypass then a username has been logged. It also seems odd that Smoothwall is pushed in Education but it can't guarantee an audit trail for a pupils web traffic.
For me this means Smoothwall is next to useless as I can't produce a full audit on pupil's web activity in the event something happens, or to prevent something happening unless I make everyone log in via the portal which with small ones is a real hassle. I also don't understand how Smoothwall can be used as a proxy if it can only be used to identify users based on the server at the other end of a request allows Authentication, I would expect the majority of web servers to use anonymous access as they have no need to know user credentials. How does it know which group to assign someone or policies to apply?
So as I asked at the beginning, am I over reacting? Or am I off to Lightspeed?