best practices for WG authentication?

Post by saubrey » May 02 05 7:33 am

I’m very confused about how to force users of the Internet to authenticate, without hassling them. I’m using WG 6.04 Standard and Win2k w/Active Directory. I want all users to authenticate for all uses (FTP, SOCKS, NAT, WWW, etc.) of the Internet, not just WWW. I consider forcing AOL IM users to first open a browser to authenticate a hassle. AOL IM uses WG’s SOCKS proxy. Can you point me at an article that describes how best to configure WG?

I tried Java authentication for WWW proxy, but one of my client’s IE browsers didn’t display the applet, and Firefox’s pop-up blocker prevented the Java authentication pop-up window from displaying…so Java authentication is not a viable mechanism.

I then tried Basic authentication for WWW proxy, but it didn’t do anything…all users were allowed access to the Internet without authenticating. Not sure what is wrong, but like I said, I'm very confused about WG's authentication.

I tried configuring WG to use NT authentication, but it didn’t do much except remove Java authentication from the WWW proxy’s available authentication methods. I guess WG Standard doesn't support NTLM. Even if I upgrade to Pro, I'm not sure WG can do what I want...although WG has so many features in this area, I'm sure it can if I can ever figure it out.

My needs are simple. All users must authenticate before getting Internet access. Ideally I would like that the user never sees a WG pop-up that asks for authentication…all my users have already logged into the Win2k domain with a valid username/password…If WG could automatically discover that username and use it. Then I will configure WG to restrict specific services for specific users.
Thanks, Steve
saubrey
WinGate Master
 
Posts: 207
Joined: Sep 15 03 12:55 pm

Post by MattP » May 02 05 4:29 pm

Hi Steve,

The best option for you would probably be to use the WGIC (WinGate Internet Client) with NTLM authentication. This would require upgrading to a Professional license though. Why don't you activate a trial license to make sure it works for you before you purchase the upgrade? If you've trialled version 6 on this machine before then we'd be happy to extend your trial license for you; just send in a trial email activation request and ask for an extension in the email.

Using the WGIC and NTLM you would specify that authentication is required in the WinSock Redirector Service. The clients would each run the WGIC on their machines. The WGIC sends through the NT user information to the WinGate server, which verifies the authentication. As long as the username and password are correct the users won't see an authentication prompt.

You can then create policies in the proxies, requiring all users to be authenticated (but don't specify the type of authentication, because this can confuse the issue) and only users who are authenticated with the WGIC will have access.

Using NTLM requires you to use the Operating System database in WinGate, but this is quite straightforward. Installing the WGIC on the client machines can also be done very easily: just add the WGIC.msi file to the login path. For more information see our knowledge base article here: http://support.qbik.com/index.php?_a=kn ... ils&_i=110

Regards,

Matt
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

