Smoothwall - Mac's NTLM Authentication

[linkazoid]

With the terrific help I received earlier regarding Mac's - Thought that I would try to solve a couple of problems/irritations

We only allow staff to access the internet on our Macs as students dont need internet access in their music lessons. Our registers are on E1 so they are all web based.

Our smoothwall is using NTLM Authentication and has to stay as this for various reasons....

We have the smoothwall proxy settings applied to the staff preferences in Workgroup Manager and have the relevant exceptions also added. But they are still requested to input their credentials frequently when browsing using safari. I have installed Firefox and changed 'network.automatic-ntlm-auth.trusted-uris' but they are still requested.

Is NTLM Authentication still broken in safari on 10.5.6 and 5.7?
Has anyone else got it working? either with safari or Firefox..

Cheers again........

Michael

[tom_newton]

Unfortunately, on non-windows platforms, you will still be asked to input your credentials when using NTLM. This is a limitation we can't avoid.

Sometimes, it happens a bit more often than it should, though - this is being worked on, and as soon as we find a way to improve it, we'll let you (and the rest of our customers) know.

Sometime soon we will, I hope, be adding the ability to choose your auth method based on your OS, IP or UserAgent (quite which, we have yet to work out).

If you could drop me an email outlining your situation, I will make sure it is read in the relevant dev meetings.

[CyberNerd]

Unfortunately, on non-windows platforms, you will still be asked to input your credentials when using NTLM. This is a limitation we can't avoid.

I found when using firefox/linux I need to put in domain\username - so that smoothwall authenticated to AD. Is there any way we can remove the domain part, ie get smoothwall to assume a default domain? without redirecting everyone to a webpage.

[linkazoid]

I found when using firefox/linux I need to put in domain\username - so that smoothwall authenticated to AD. Is there any way we can remove the domain part, ie get smoothwall to assume a default domain? without redirecting everyone to a webpage.

This is also how we are currently doing it... I would also love for them to be only to have to put their username in... but still having NTLM Authentication.

Michael

[tom_newton]

Hm. Sounds like a good idea on paper, I will see what I can get out of the devs

[diggory]

Another way round is to run smoothwall on a second box for the macs?
Then you can use IDENT instead of NTLM for the macs and stick with NTLM for the PCees.

It *might* be possible to replicate some of the settings between the boxes - although I haven't managed this too well.

[HodgeHi]

I used to use NTLM authentication for the Macs but for some unknown reason the sites were broken each time. I have since started to use identd. This seems to work better than NTLM authentication and is also transparent to the user. I would recommend this method over NTLM personally. You can also use ident on the XP side as well.

This is the way i am going. With the mac side you can send the credentials of the current aqua user and also specify a user by default in the system prefs tab that is installed with the identd software. I have been trialing an application that hasn't been updated for a while on OS X 10.5.6 and seems to work OK.

http://www.macmax.org/rubrique.php3?id_rubrique=21

Not rolled it out completely yet though so at your own risk for the moment.

[tom_newton]

Yes, you can use 2 boxes no problem - just ring your account manager and let them know, and they'll letcha replicate the licence across 2 machines.

Replication will allow you to pull settings across between each Guardian ok.