Wingate web proxy with NTLM authentication

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Wingate web proxy with NTLM authentication

Postby landkruzer » Jun 28 18 7:46 pm

Hi,

I am using WinGate 9.1.5 (5965). I have installed it on Windows Server 2012 R2 which is configured as Windows primary domain controller with ADS. While installing wingate I chose 30 days full featured evaluation and chose windows ADS as the user database.
Without any changes to configuration, I validated the the proxy server using a Windows 10 pro system (attached to domain) with Edge browser. Everything worked fine.

My objective is to evaluate NTLM authentication based web proxy support.

I changed the following in Win gate after installation.
1. Web Access Control - Access Rules
Changed "allowed" rule as below
i) If this rule matches, how do you want to proceed - selected "Force clients to (re) authenticate
ii) Changed What to everything in What tab
2. Services
In Services->WWW Proxy Server Disabled Basic authentication and Enabled "Negotiate" and NTLM

With the above changes, when I tried to access a website from Edge I kept getting the dialog box for user name and password. (I have entered the correct domain user name and password) After 3 attempts I got the win gate error page. (authentication required.. ) I tried with Chrome browser also, but I still got the same message.

Is the above configuration correct? Any other configuration changes required?
Thanks in advance for your help.
landkruzer
 
Posts: 1
Joined: Jun 28 18 7:03 pm

Re: Wingate web proxy with NTLM authentication

Postby adrien » Jun 29 18 3:14 pm

Hi

Those rules are taken very literally. So if you have a rule that effectively states "any request must be responded to with an auth challenge" then that's what will happen.

So the clients will go through the auth handshake but still be challenged for auth.

The trick is to filter who you challenge for auth, on the who tab set it to everyone except, and then add "Authenticated users". Then it will only challenge users who aren't already authed.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5245
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: adrien, Bing [Bot] and 3 guests