Credentials Rule overrides valid AD Authentication

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Credentials Rule overrides valid AD Authentication

Postby Coopsterman321 » Jul 20 16 3:04 am

We have two types of machines on our network -- some users are authenticated to AD and some users (machines) are not.

I want to provide full internet access to our AD authenticated users, but only provide limited access to the users who connect their machines to the network but don't authenticate to AD.

I don't want any of them to be presented with an authentication pop up message when rules are processed.

What I would like to have happen is:
(1) users properly authenticated to AD show as those users for rule processing
(2) users (machines) who did not authenticate to AD are assigned an assumed AD user name 'UserXXX' for rules processing

If I use a credentials rule for the network IP range to assign a default user of 'UserXXX' and assume them to be authenticated, it overrides the credentials for our users on the same network who authenticated properly with AD.

Is there a way to do what I want to do short of having DHCP assign different IP networks or ranges to the two classes of users?

Thanks
Coopsterman321
 
Posts: 2
Joined: Jul 20 16 2:47 am

Re: Credentials Rule overrides valid AD Authentication

Postby adrien » Jul 20 16 4:21 pm

Hi

WinGate gains knowledge about who a user is based on authentication to WinGate, rather than the client logging into the AD. For http authentication, it's a challenge response system, so WinGate has to challenge first before the client will attempt to auth.

Normally rules that require a user to be authenticated would be satisified by your credential rule, and so the user wouldn't be challenged to auth. This is why the credential rule appears to override the credentials of the logged in users.

The problem is without auth, the AD-authed users won't auth to the proxy.
With auth, the other users will see a login dialog.

Is there anything else different about the users that can be used for WinGate to treat them differently?

e.g.

* they request different sites
* they are in a different subnet

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Credentials Rule overrides valid AD Authentication

Postby Coopsterman321 » Jul 21 16 8:14 am

No. Not the way we're set up at the moment.
I'll see if our regular users can be assigned DHCP leases in a specific IP range leaving our roaming users in the the other part of the range. That way I can force the credential rule only on the roaming users.
Thanks
Coopsterman321
 
Posts: 2
Joined: Jul 20 16 2:47 am


Return to WinGate

Who is online

Users browsing this forum: No registered users and 42 guests

cron