+ Post New Thread
Results 1 to 14 of 14
Mac Thread, Safari proxy with AD credentials in Technical; are there any keys in WGM to set the proxy username and password to the login credentials of the AD ...
  1. #1
    mellowip1983's Avatar
    Join Date
    Sep 2011
    Location
    Wirral
    Posts
    69
    Thank Post
    2
    Thanked 8 Times in 7 Posts
    Rep Power
    8

    Safari proxy with AD credentials

    are there any keys in WGM to set the proxy username and password to the login credentials of the AD user?

    Our LEA has just upgraded our filtering and now the mac users are being asked for authentication

  2. #2

    Join Date
    Mar 2012
    Location
    Stafford
    Posts
    33
    Thank Post
    6
    Thanked 7 Times in 5 Posts
    Rep Power
    10
    doesnt add to key chain work ???

    does the Proxy have AD intergration ?

    What proxy is it ???

  3. #3
    mellowip1983's Avatar
    Join Date
    Sep 2011
    Location
    Wirral
    Posts
    69
    Thank Post
    2
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    The proxy does have AD integration but safari doesn't have use authentication set.

    Would like the students not to have to type anything due to their lack of ability.

    The proxy is a custom made to Wirral LEA called Evolution Web Filter

  4. #4

    Join Date
    Mar 2012
    Location
    Stafford
    Posts
    33
    Thank Post
    6
    Thanked 7 Times in 5 Posts
    Rep Power
    10
    Click on the user and choose Preferences and then Network Put a tick in Proxie as always and then save and then click on details - look for com.apple.SystemConfiguration this has lots of Bits and bobs you can configure, but without the proxie being "Invisiable" "Cloacked" etc then im very dought full you can access the Proxy without Authorisation.

    We use an Ident client in for the form of a Plist so we can track the users and machines filtering.

    You would maybe have to look at something on the proxy for the Mac users ?

    Are all your Machines Bound to AD?

  5. #5
    mellowip1983's Avatar
    Join Date
    Sep 2011
    Location
    Wirral
    Posts
    69
    Thank Post
    2
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    Yep all the ones that access the internet are AD Bound.

    Will go take a look at this now.

  6. #6

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57
    When we had a smoothwall box I used identd to allow authentication as the macs had quite a few difficulties in authenticating. Safari has changed quite a bit though since then (around 4 years ago).

  7. #7
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    336
    Thank Post
    37
    Thanked 55 Times in 51 Posts
    Rep Power
    25
    From 10.6.8 Safari has auto athentication in a AD golden triangle setup. If you use the FQDN in the proxy setings, Kerberos Proxy Authentication will work. The proxy needs to be referenced by the fully qualified domain name so the key chain knows what to use. So if your proxy setings just have IP or a short name like "proxy", it will fail. Try using "proxy.domain.internal" and it should authenticate with the loged on domain.internal user on the Mac.

  8. Thanks to MicrodigitUK from:

    HodgeHi (3rd April 2012)

  9. #8
    mellowip1983's Avatar
    Join Date
    Sep 2011
    Location
    Wirral
    Posts
    69
    Thank Post
    2
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    I shall ask the lea if there is a fqdn for the proxy, they have only ever issued us with an ip address. for now they have put the ip scope into a bypass so they aren't filtered at the moment but can access the internet.

  10. #9
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    336
    Thank Post
    37
    Thanked 55 Times in 51 Posts
    Rep Power
    25
    On your local AD DNS server just add a record to point to the LEA IP address. E.g a new A record of "proxy" would then have a FQDN of "proxy.domain.internal". Replace domain.internal with the full name of your domain. Job done...

  11. Thanks to MicrodigitUK from:

    mellowip1983 (3rd April 2012)

  12. #10
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34
    Quote Originally Posted by mellowip1983 View Post
    I shall ask the lea if there is a fqdn for the proxy, they have only ever issued us with an ip address. for now they have put the ip scope into a bypass so they aren't filtered at the moment but can access the internet.
    If they don't give you one, you can try 'ping -a 10.12.4.122', which should resolve properly, if you're using their DNS on 10.12.4.60.

    I have local proxies on my network, both of which then forward on, the local ones are part of my AD, and then I use the IP to give the access level.


    It was funny this morning when I got a couple of messages to say that facebook was now blocked...

  13. #11
    mellowip1983's Avatar
    Join Date
    Sep 2011
    Location
    Wirral
    Posts
    69
    Thank Post
    2
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    MicrodigitUK many thanks this worked. I applied it last night and have tested this morning, users were not being asked for credentials. Now to just sort out little issues with students being able to access facebook.

    User 3204 which school are you in?

  14. #12

    Join Date
    Jun 2013
    Location
    Goose Creek, SC
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I know this is an old post but has anyone else gotten this to work? We are running Mac OS X 10.8.3. I have my proxy set to proxy.domain.com. All of our Active Directory users have a username of jdoe@domain.com. However when we go to any webpages we keep getting the proxy authentication requirement. Is there anyway around it?

  15. #13
    mellowip1983's Avatar
    Join Date
    Sep 2011
    Location
    Wirral
    Posts
    69
    Thank Post
    2
    Thanked 8 Times in 7 Posts
    Rep Power
    8
    we discussed this with out LEA as they provide our filtering & proxy.

    We ended up putting out Mac's in to an address band at the top of our IP Scope, then applied a filter set to that scope. So no AD username filtering sorted on our site.

  16. #14
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    336
    Thank Post
    37
    Thanked 55 Times in 51 Posts
    Rep Power
    25
    Quote Originally Posted by osagendn View Post
    I know this is an old post but has anyone else gotten this to work? We are running Mac OS X 10.8.3. I have my proxy set to proxy.domain.com. All of our Active Directory users have a username of jdoe@domain.com. However when we go to any webpages we keep getting the proxy authentication requirement. Is there anyway around it?
    Your proxy must support and be set to use 'Kerberos Proxy Authentication' for this to work.

SHARE:
+ Post New Thread

Similar Threads

  1. Controlling MACs with AD GPO's
    By brahma in forum Mac
    Replies: 10
    Last Post: 20th October 2008, 06:39 PM
  2. Replies: 19
    Last Post: 6th April 2007, 12:22 PM
  3. Reverse Proxying with Apache.
    By maniac in forum Web Development
    Replies: 7
    Last Post: 5th April 2007, 11:04 AM
  4. Proxy with content filtering
    By gwendes in forum *nix
    Replies: 21
    Last Post: 8th March 2007, 12:11 AM
  5. Which CMS for use with AD?
    By alan-d in forum Web Development
    Replies: 6
    Last Post: 25th November 2006, 04:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •