Jun 29 04 10:44 pm
A simple question:
We have to install WinGate 6 behind a firewall.
So what are the TCP ports that should be opened so that WinGate is able to synchronise the Active Directory users?
Thanks in advance.
Jun 30 04 12:49 am
Hi
I think it will be port 139 (SMB). I'm not certain though.
Adrien
Jun 30 04 1:13 am
That's what Microsoft says about the firewall holes required to replicate AD:
RPC endpoint mapper 135/tcp, 135/udp
Network basic input/output system (NetBIOS) name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
Server message block (SMB) over IP (Microsoft-DS) 445/tcp, 445/udp
Lightweight Directory Access Protocol (LDAP) 389/tcp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
Domain Name Service (DNS) 53/tcp, 53/udp
Windows Internet Naming Service (WINS) resolution (if required) 1512/tcp, 1512/udp
WINS replication (if required) 42/tcp, 42/udp
However, for the plain AD request model you might well be fine with only these ports being punched through:
135, 137 (TCP and UDP), 139, 445 (TCP)
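As an added illustration (not from this thread or from WinGate), the Python below parses the Microsoft port list quoted above and turns it into iptables rules that are scoped to the DMZ proxy and the domain controller, so each "hole" is open between two hosts only rather than to anything behind the firewall. The addresses 10.0.1.5 (proxy) and 192.168.10.2 (DC), the FORWARD chain and the conntrack reply rule are constructed assumptions.

```python
import re
import shlex
# Constructed copy of the Microsoft port list quoted in the post above.
AD_PORT_TEXT = """\
RPC endpoint mapper 135/tcp, 135/udp
Network basic input/output system (NetBIOS) name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
Server message block (SMB) over IP (Microsoft-DS) 445/tcp, 445/udp
Lightweight Directory Access Protocol (LDAP) 389/tcp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
Domain Name Service (DNS) 53/tcp, 53/udp
Windows Internet Naming Service (WINS) resolution (if required) 1512/tcp, 1512/udp
WINS replication (if required) 42/tcp, 42/udp
"""

# The reduced set the post says is enough for the plain AD request model.
MINIMAL = {(135, "tcp"), (135, "udp"), (137, "tcp"), (137, "udp"), (139, "tcp"), (445, "tcp")}

PORT_RE = re.compile(r"(\d+)/(tcp|udp)")

def parse_port_list(text):
    """Map each service name to its (port, proto) pairs; '(if required)' lines are skipped."""
    services = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or "(if required)" in line:
            continue
        pairs = [(int(port), proto) for port, proto in PORT_RE.findall(line)]
        name = PORT_RE.split(line)[0].strip()  # text before the first port token
        services[name] = pairs
    return services

def iptables_rules(services, proxy, dc, only=None):
    """FORWARD rules scoped proxy -> DC per listed port (replies ride on conntrack);
    `only` restricts output to that (port, proto) subset, e.g. MINIMAL."""
    rules = [f"iptables -A FORWARD -d {proxy} -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for name, pairs in services.items():
        for port, proto in pairs:
            if only is None or (port, proto) in only:
                rules.append(f"iptables -A FORWARD -s {proxy} -d {dc} -p {proto} --dport {port} "
                             f"-m comment --comment {shlex.quote(name)} -j ACCEPT")
    return rules

if __name__ == "__main__":
    # Constructed addresses: DMZ proxy 10.0.1.5, domain controller 192.168.10.2.
    for rule in iptables_rules(parse_port_list(AD_PORT_TEXT), "10.0.1.5", "192.168.10.2", MINIMAL):
        print(rule)
```

Calling `iptables_rules` without `only` emits the full Microsoft list (16 port rules plus the reply rule), which is useful to compare against what the firewall actually carries.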
Jun 30 04 4:10 am
OK, it works with:
135 tcp/udp
137 tcp/udp
139 tcp
445 tcp
I'm able to synchronise the AD users from the AD server to WinGate.
But what about the authentication process done with the browsers?
How does it work?
Actually IE asks me for a login/password, and it's not the NT authentication?
Jun 30 04 10:19 am
Did you set up WinGate to authenticate users?
Jun 30 04 8:16 pm
Yes, WinGate is set up correctly (after several checks).
Jul 01 04 12:22 am
If you set up your IE to use the proxy server (WG) then the WG proxy will request authentication, and the actual authentication process depends on how WG is tuned: it either uses its own user database or the NT one (don't forget to synchronize the databases).
Jul 01 04 12:36 am
To get WinGate to use NTLM authentication in the HTTP proxy, you need to:
1. Make the policies for the HTTP proxy require that the user be authenticated (rather than assumed).
2. Enable the NTLM authentication option on the General tab of the WWW proxy.
3. Use the remote NT user database in WinGate.
4. Run the WinGate service under a domain account that has Admin rights on the remote Active Directory server.
Adrien
Jul 01 04 9:41 pm
And if my WinGate server is not in the domain?
The WinGate server is in a DMZ and is a standalone server (not in a domain).
Is it possible?
Jul 02 04 11:25 pm
Could you give me more information?
My proxy is not in the domain (standalone server named SRV-PROXY).
The AD server is behind the firewall (domain: DOMML).
The user synchronisation is done correctly.
Locally, NTLM is working.
- So why does WinGate ask me for a user/password when I try from a machine in the DOMML domain?
- Why, when I give the login "vgaudin", is there a second prompt with:
SERVEUR-PROXY\vgaudin
but my user is in the DOMML domain?
You told me: run the WinGate service under a domain account that has admin rights on the remote AD,
but how could I do this, since my proxy is not in the domain DOMML!?
Thanks in advance.
vincent