Windows 7 Thread, NTLM Authentication & Smoothwall in Technical; Hi,
We've recently started to have an issue with various students not being able to access the internet and an ...
11th December 2012, 10:29 AM #1
NTLM Authentication & Smoothwall
We've recently started to have an issue with various students not being able to access the internet and an NTLM authentication popup box displaying on screen. If the users enter their logon details the issue doesn't resolve itself... the only real way to get them up and running is to reset their username/password within AD. This only appears to be happening with Windows 7 clients and is totally random (3 students here, 5 students there etc).
About a week ago we had a Smoothwall engineer access our system to carry out some much needed maintenance and apply an iOS 6 patch to allow BYOD to work correctly.
Anyone have any similar issues or ideas about whats gone wrong?
11th December 2012, 10:52 AM #2
Have to run the test to see if smoothwall is talking to the AD correctly? Ours messed up when the time was slightly out.
Services -> Authentication -> Control
Thanks to Tsonga from:
jaminben (12th December 2012)
11th December 2012, 10:57 AM #3
Thanks for the quick reply.
All checks passed ok.
11th December 2012, 11:00 AM #4
Is it locking the accounts in AD?
11th December 2012, 11:03 AM #5
Do the passwords for students expire or have password requirements to be changed? I've had issues where the AD passwords expire after the user has logged in, windows won't tell you, and the current kerberos ticket remains valid (so things like file sharing still work). Other services such as smoothwall will fail authentication due to the password expiring post logon.
11th December 2012, 11:05 AM #6
Yes its locking thier accounts... we've thought about their BYOD automatically connecting and locking them out during a failed attempt to connect but they swear blind they haven't got any phones etc... I've tried my own device to replicate a student automatically connecting but it doesn't give the NTLM message.
11th December 2012, 11:07 AM #7
Nope, passwords don't expire until Jan 2013 and nothing else has changed within the system.
11th December 2012, 11:10 AM #8
Originally Posted by jaminben
I had a very similar issue where the old password was stored in their key-chains when they used Macs
11th December 2012, 11:12 AM #9
Our macs dont currently talk to the AD system (thats next summers job).
11th December 2012, 11:29 AM #10
The only reason I can think of the accounts being locked it based on the account lockout policy in group policy. Typically this is 5 login attempts in 5 minutes so something has to be hammering LDAP incorrectly to lock them.
11th December 2012, 11:37 AM #11
We thought the same thing but have been unable to replicate it using our own devices.
11th December 2012, 11:43 AM #12
The only thing that looks odd is:
Warning: System Load Average is 4.41 4.69 4.62
Which happened at around the same time some students had a problem.
Found this thread about the warning and trying to work out what our figures mean.
11th December 2012, 11:53 AM #13
Then I am at a loss.
You can putty into smoothwall and have a look at its running processes...
12th December 2012, 03:25 PM #14
Interesting that you should post this thread yesterday, as we've been having an almost identical issue here with Smoothwall. It's random, it locks them out, only on Win7, and only just started happening last week (with slowly increasing frequency). Resetting AD user/pass works. Unable to replicate issue.
It's only with students, have not had a single member of staff have a problem.
On the verge of logging a call with our LA Smoothwall support team.
12th December 2012, 03:39 PM #15
It may be worth looking at disabling the below setting in the Web Proxy settings (Advanced) in case that helps. I've not had to use it before but it sounds like it might be the issue you're having.
Interrupted NTLM connections are caused by non-standard Web browser behavior. Disable this option if restrictive Active Directory account lockout policies are in operation.
By alan-d in forum Virtual Learning Platforms
Last Post: 15th December 2009, 02:19 PM
By karlr in forum Internet Related/Filtering/Firewall
Last Post: 15th September 2009, 01:04 PM
By FN-GM in forum Virtual Learning Platforms
Last Post: 28th July 2009, 03:11 PM
By linkazoid in forum Mac
Last Post: 20th May 2009, 09:54 AM
Last Post: 29th June 2006, 02:00 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)