NTLM Authentication & Smoothwall

[jaminben]

Hi,

We've recently started to have an issue with various students not being able to access the internet and an NTLM authentication popup box displaying on screen. If the users enter their logon details the issue doesn't resolve itself... the only real way to get them up and running is to reset their username/password within AD. This only appears to be happening with Windows 7 clients and is totally random (3 students here, 5 students there etc).

About a week ago we had a Smoothwall engineer access our system to carry out some much needed maintenance and apply an iOS 6 patch to allow BYOD to work correctly.

Anyone have any similar issues or ideas about whats gone wrong?

Thanks

[Tsonga]

Have to run the test to see if smoothwall is talking to the AD correctly? Ours messed up when the time was slightly out.

Services -> Authentication -> Control

[jaminben]

Thanks for the quick reply.

All checks passed ok.

[Tsonga]

Is it locking the accounts in AD?

[DMcCoy]

Do the passwords for students expire or have password requirements to be changed? I've had issues where the AD passwords expire after the user has logged in, windows won't tell you, and the current kerberos ticket remains valid (so things like file sharing still work). Other services such as smoothwall will fail authentication due to the password expiring post logon.

[jaminben]

Yes its locking thier accounts... we've thought about their BYOD automatically connecting and locking them out during a failed attempt to connect but they swear blind they haven't got any phones etc... I've tried my own device to replicate a student automatically connecting but it doesn't give the NTLM message.

[jaminben]

Nope, passwords don't expire until Jan 2013 and nothing else has changed within the system.

[Tsonga]

Yes its locking thier accounts... we've thought about their BYOD automatically connecting and locking them out during a failed attempt to connect but they swear blind they haven't got any phones etc... I've tried my own device to replicate a student automatically connecting but it doesn't give the NTLM message.

Auto-saved somewhere?

I had a very similar issue where the old password was stored in their key-chains when they used Macs

[jaminben]

Our macs dont currently talk to the AD system (thats next summers job).

[Tsonga]

iPods?

The only reason I can think of the accounts being locked it based on the account lockout policy in group policy. Typically this is 5 login attempts in 5 minutes so something has to be hammering LDAP incorrectly to lock them.

[jaminben]

We thought the same thing but have been unable to replicate it using our own devices.

[jaminben]

The only thing that looks odd is:

Warning: System Load Average is 4.41 4.69 4.62

Which happened at around the same time some students had a problem.

Found this thread about the warning and trying to work out what our figures mean.

[Tsonga]

Then I am at a loss.

You can putty into smoothwall and have a look at its running processes...

[Mako]

Interesting that you should post this thread yesterday, as we've been having an almost identical issue here with Smoothwall. It's random, it locks them out, only on Win7, and only just started happening last week (with slowly increasing frequency). Resetting AD user/pass works. Unable to replicate issue.

It's only with students, have not had a single member of staff have a problem.

On the verge of logging a call with our LA Smoothwall support team.

[Ashm]

It may be worth looking at disabling the below setting in the Web Proxy settings (Advanced) in case that helps. I've not had to use it before but it sounds like it might be the issue you're having.

Interrupted NTLM connections are caused by non-standard Web browser behavior. Disable this option if restrictive Active Directory account lockout policies are in operation.