Kinds of Autentification

[javila]

Hi to all.

My wingate server (5.2) uses windows 2000 pro SP4 and my (administrative) computer uses windows 2000 pro sp4 too, recently I installed a new XP home computer and I connect it to the wingate LAN (using the dinamic IP and the WGC).
Then I was looking at the gatekeeper window looking at the tipe of authentifications that the wingate handles, here I asked myself:

* What are the differences beetwen wingate authentification amd NTLM authentification?
* The wingate authentification windows appears when I start the windows and the loggin name it is filled with the "SYSTEM" on the login name. My user it is configured to be authentificated (on the policies of the winsock redirector services). Why this happens?
* What happens if I set "user must be assumed" as a policy of authentification?
* The other computers use windows98SE and its authentification on the gatekeeper is "user - Authenticated [Wingate]" why?

I guess that is all for now :D

Thanks.

Javier

[Pascal]

* What are the differences beetwen wingate authentification amd NTLM authentification?
* The wingate authentification windows appears when I start the windows and the loggin name it is filled with the "SYSTEM" on the login name. My user it is configured to be authentificated (on the policies of the winsock redirector services). Why this happens?
* What happens if I set "user must be assumed" as a policy of authentification?
* The other computers use windows98SE and its authentification on the gatekeeper is "user - Authenticated [Wingate]" why?

WinGate authentication uses Qbik's own cryptography and passwords that are stored by WinGate itself. NTLM uses the userdatabase and passwords that Windows uses. The associated benefits of each are detailed fairly well in the help file. (Look for "Authentication")

The authentication window is in all likelyhood being displayed because part of your startup (Services, etc.) is requiring Internet access. You can check in GateKeeper which application this is, and set it to use Mixed / Global access.

An assumed user 'associates' a specific user with a specific IP address or MAC address. This allows you to set per-user policies, without requiring authentication. In effect, you assume that since a connection is coming from computer X, the user must be Y.

user - authenticated [WinGate] means the user has been authenticated using the WinGate user database.

Hope that helps.

[mikebos]

Pascal,

You write again about MAC authentication.

I would love to get this going as many users don't have java installed and the java applet times out to frequently.

I've read Wingate Help for "Authenticate" and have tried Java and MAC authentication on 4.5+ 5.0-5.23 and find the same problem.

Haven't tested java with 6, anything changed?

Regards
Mike Bos.

[Pascal]

What about using NTLM in preference to the Java login ? In most cases then users shouldn't even see a dialog box, but will be authenticated based on their Windows login. (Depends on IE settings)

[mikebos]

Hi Pascal,

My clients are dorm students so we have/want nothing to do with their own Windows/Linux/MacOS setup.

NTLM uses Windows to Server comms to verify to LAN/Internet.

According to the Wingate Help NTLM does not authenticate www and socks traffic, but I presume the windows client is already authenticated. So we could possible use it in a windows only environment.

What was it you meant by assumed by MAC address?

Regards
Mike Bos