*nix Thread, School Guardian 2008 and ntlm in Technical; I've spent the last couple of days trying to get School Guardian 2008 installed and configured. I've found lots of ...
24th July 2008, 07:33 PM #1
School Guardian 2008 and ntlm
I've spent the last couple of days trying to get School Guardian 2008 installed and configured. I've found lots of nice things in it!
However I have hit a rather nasty problem. I can't get ntlm authentication/identification to work correctly.
Does anyone else use this combination successfully?
As it stands this is whats happening
User authenticates. Page is requested. Some of the page comes back. I've been talking to support who have helped a bit with the issue (turning on persistant connections seems to help quite a bit) but I've not been able to eliminate it. The content is not currently being filtered.
I've been working on it tonight as I'm really pushed for time. One interesting thing I did note is that some items appear in the filter request log *exactly* 2 minutes after the original requests. This doesn't seem to happen with no auth, ssl auth or any of the others I would assume.
Using safari seems to exacerbate the issue, often losing the page style sheets.
24th July 2008, 09:31 PM #2
- Rep Power
We had a similar problem when we first installed School Guardian. A workround was to enable ntlm identification (terminal services compat mode) This seemed to do the trick until Smoothwall released an upgrade to fix the problem. We now use ntlm ident with no problems
Originally Posted by DMcCoy
Make sure that filtering is applied to the user groups that you wish to filter.
Have you tried a save and restart with cleared cache?
24th July 2008, 09:46 PM #3
We are using Network Guardian and have also been on the phone tonight with Nick about a similar issue.
The above fix also worked for us.
25th July 2008, 12:17 AM #4
Hmm, seems to be something a bit like this
'[squid-users] Squid sends TCP_DENIED/407 even on already authenticated users' - MARC
In fact on the wikipedia front page I had no formating, and there was a 407 for the main.css file amongst lots of 200s.
25th July 2008, 12:37 AM #5
The 407 itself is ok, it seems that while IE mostly retries and is successful, Safari often doesn't retry or fails.
I would blame OS X and ntlm but I've not been able to replicate the issue using ntlm to an ISA proxy. I'll have a go with 10.4 tomorrow anyway.
25th July 2008, 10:21 AM #6
Sorry to de-rail, but isn't NTLM just dandy?
25th July 2008, 10:59 AM #7
25th July 2008, 11:14 AM #8
Going to try ident servers on the windows and macs later instead. That should work
25th July 2008, 11:21 AM #9
I had several issues with NLTM some users would get asked for a username/password combo via a popup box even though it's not supposed to do this.
I tried various things as suggested by tech support and I'll be looking into this again when I'm in over the hols.
25th July 2008, 11:55 AM #10
You usually only get that when they are trying to access from more than one machine or they have swopped machines and it hasnt timed out for the old machine yet.
Originally Posted by plexer
25th July 2008, 11:59 AM #11
I had a bit of trouble getting it going, but it's worked flawlessly since.
First of all, I second what Edsa said. Here's a few ideas:-
services » authentication » control - do you get all green lights?
services » authentication » settings - is it all filled in correctly? If you're using AD, I could PM you a screen shot of mine.
services » authentication » user activity - are users being listed?
system » preferences » time - is the clock correct? Timezone should be Europe/London. I just manually set my clock - I couldn't get NTP to work. The RTC in the BIOS should be set to GMT (not BST).
25th July 2008, 11:59 AM #12
Nope definitely not that.
25th July 2008, 01:09 PM #13
With the persistant connections and a rebuild the 407s (without browser retries) have reduced to an acceptable level, at least with low volume testing. Just had one image not show up so far on apples home page (which was quite problematic).
Hopefully that it will work well enough to keep with ntlm, although I'll be adding ident servers to machine when I reimage
25th July 2008, 02:07 PM #14
I would vaguely wonder about auth timeouts... but then i'd just be tinkering to "see if it does anything"
Also - if you enable/disable transparent filtering it changes the way NTLM does things (IIRC!).
We are looking at SPNEGO and all things "post" NTLM, but there aren't really many good, widely used standards for this sort of thang.
By Grommit in forum Network and Classroom Management
Last Post: 24th July 2008, 12:55 PM
By tldees in forum Wireless Networks
Last Post: 12th June 2008, 05:08 PM
By plexer in forum How do you do....it?
Last Post: 23rd April 2008, 03:29 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)