Please help - User Authentication not working.


Postby scotttiamit » Dec 09 04 8:00 am

Hi, I have WinGate installed on an XP machine, and have an active directory running on a terminal server 2003 machine which is also a terminal server where users access the Internet from. I have the proxy settings set in the users' browsers and have the WWW Proxy service configured to allow 'Domain Users' access to the Internet. This setup was working fine and user traffic was being logged fine and all was good. The problem being I was forced to reinstall the 2003 terminal server and since then the setup no longer works. I have set up the server with the same domain name and all users with the same login and password as before and they are members of the 'Domain Users' group. None of the WinGate settings were changed. Once I realised it wasn't working I allowed all users access under 'Guest' and this works. I tried removing the Database Synchronisation with the Active Directory and deleted all users, then activated the synchronisation again and imported all the users fresh, but again when I removed access via the Guest account access is denied. I am prompted to enter a username and password, and the user's correct username and password does not work!! Help would be much appreciated.

Thanks.
scotttiamit
 
Posts: 5
Joined: Nov 27 03 2:53 pm

Postby erwin » Dec 09 04 9:17 am

Hi Scott

Couple of questions.

Has the terminal server got a new IP address after the install? And if so, did you change this in the MultiUser machines config in GateKeeper?

It may be the case that the IP address of the old Term Server is listed in the MultiUser config and so WinGate is not seeing the new Term Server as a multiuser machine.

Once this is listed correctly in GateKeeper, individual clients should be authenticated individually through IE/WinGate.

You can set the clients' IE browsers to log in with the "current user name and password" option (under security tab/Internet Zone/Advanced). This will allow users to surf the Internet without being prompted for a user name and password by the browser each time they go to a different site, as it uses the details that they are currently logged on to the Term Server with.

Another benefit of having the clients use IE proxied through WinGate in Active Directory is that you can configure IE settings (which proxy server to use/logon functions etc.) as part of group policy, which makes control even easier.

Check the Multi User config and let us know how you get on.

Regards
Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm

Postby scotttiamit » Dec 09 04 9:36 am

Hi Erwin, I have not changed the IP address, all settings are exactly as prior to reinstall. In the WinGate Activity Screen the machine comes up as being multi user, i.e. it is labelled as:

TSSERVER (multi users)
- Guest
-http://www.google.co.nz


I have also already enabled the "current user name and password" option in IE. I still get prompted though! If I type in the username and password the box just comes up again as if it was wrong; if I enter it three times I get the "Access Denied" page.

I have used a login registry script to set the proxy settings for the user, not GP. And this is obviously correct if the 'Guest' account works OK. So it must be WinGate.

Thanks for your help.
scotttiamit
 
Posts: 5
Joined: Nov 27 03 2:53 pm

Postby erwin » Dec 10 04 11:27 am

Hi Scott

It seems strange that WinGate had been working perfectly for you and after you have had to reinstall/reconfigure the terminal server it isn't.

I have retested this scenario here in the lab with WinGate attempting to replicate your scenario and unfortunately I have been unable to reproduce your issue.

How do you have the WWW proxy service in WinGate set to authenticate?
Obviously you're using NTLM, but is the service policy requiring users to be authenticated applied to everyone or specific users? Unless there is a policy in the WWW service set to require authentication then all users accessing will show up in the activity screen in GateKeeper, under the Multi User entry as guest.

Maybe there could have been a synchronisation issue when you have disabled/re-enabled and then resynchronised the Remote Database option in GateKeeper. Is the WinGate engine service using the correct Logon account to the domain controller so that synchronisation occurs correctly as described in the help file?

Obviously if it has been working correctly before this then this is probably correct. I'm just covering the bases.

One other thing to try is stopping and then restarting the WinGate engine (or rebooting the WinGate server) so that the WinGate engine service is forced to log back onto the domain controller.

Regards
Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm

Solution.

Postby scotttiamit » Dec 15 04 3:36 pm

Thanks for your help Erwin.

The solution that worked for me was to remove the WinGate server from the domain and put it onto a workgroup. I then rebooted and put it back on the domain, rebooted again. I think it was because the WinGate server was unable to validate properly. I found when I did this a new user profile was created and the desktop etc. has changed, so I guess the machine had domain problems. I then found the WinGate service would not start so in the Admin Tools -> Services area I reset the user settings for the service to be the domain's Administrator. The service then started OK.

Just to make sure I then deleted the WWW service and also deleted the database users and groups (except Administrator and Guest). I then synchronised the database again to the domain controller. Once this was done I added the WWW Proxy Service to ensure that the correct domain user group etc. was used by the service.

Tested and all is OK. Users are showing up.

Thanks.
scotttiamit
 
Posts: 5
Joined: Nov 27 03 2:53 pm
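
The checks the final post arrives at (does the proxy host still validate against the domain, and which account does the proxy service log on as), as an added PowerShell example that is not part of the original thread or of WinGate itself. It assumes Windows PowerShell 5.1 run as an administrator on the proxy host; the display-name pattern `*WinGate*` is an assumption, not a documented service name.

```powershell
# Added example: report domain membership, machine secure channel state and
# the logon account of the proxy service on this host.
# ASSUMPTION: the service display name contains "WinGate"; adjust the pattern.
param(
    [string]$ServicePattern = '*WinGate*'
)

function Get-DomainTrustReport {
    param([string]$ServicePattern)

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # The secure channel test is only meaningful on a domain member.
    # $true means the machine account can authenticate to a domain controller.
    $channelOk = $false
    if ($cs.PartOfDomain) {
        try   { $channelOk = Test-ComputerSecureChannel -ErrorAction Stop }
        catch { $channelOk = $false }
    }

    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $ServicePattern } |
        Select-Object Name, State, StartMode, StartName

    [pscustomobject]@{
        Computer        = $cs.Name
        PartOfDomain    = $cs.PartOfDomain
        Domain          = $cs.Domain
        SecureChannelOk = $channelOk
        Services        = $services
    }
}

$report = Get-DomainTrustReport -ServicePattern $ServicePattern
$report | Format-List Computer, PartOfDomain, Domain, SecureChannelOk
$report.Services | Format-Table -AutoSize

if ($report.PartOfDomain -and -not $report.SecureChannelOk) {
    Write-Warning 'Machine secure channel to the domain is broken; repair or rejoin before re-testing proxy authentication.'
}
foreach ($svc in $report.Services) {
    if ($svc.State -ne 'Running') {
        Write-Warning "$($svc.Name) is $($svc.State); logon account is $($svc.StartName)."
    }
    if ($svc.StartName -match '\\Administrator$') {
        Write-Warning "$($svc.Name) runs as an Administrator account; a dedicated low-privilege service account limits exposure."
    }
}
```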

