[b]WinGate 6 on Windows Server 2003 Active Directory[/b]


Postby ALainONE » Aug 03 06 8:30 am

Hello!

I have just recently purchased the current version of WinGate. I am a new user. Our network runs on a Windows 2003 Server domain with DHCP and DNS running on the PDC. I installed WinGate on another box, also with a Win2003 OS, but not configured for any server role and not a member of my domain; it is only a workgroup of its own, connected to an external router. I have followed all the instructions and installed WinGate successfully with NT authentication. My WinGate box has no problem accessing the net, but all my other workstations (server included) cannot use internet access, even with WGIC!

I can see the WinGate box on the network. I pinged it and it responded normally. The only way I can access the net is when I use GateKeeper to log in from a workstation. All other users are authenticated as guest and some do not even appear in the history at all!

I have removed the "." in my forwarders group, as advised by some posts, but still no luck!

Please help!
ALainONE
 
Posts: 53
Joined: Aug 03 06 7:10 am
Location: Muscat, OM

Postby erwin » Aug 03 06 12:35 pm

Hi there

Since you have set NTLM Authentication, have you also set a policy in WinGate for users to be authenticated?

[quote]The only way I can access the net is if when I use the GateKeeper to login from a workstation[/quote]


This sounds as though there is a policy in WinGate that requires users to be authenticated before they have access. Which is why when you log into GateKeeper on a workstation you become authenticated with WinGate and so have access.

Check to see if there is a policy doing this in WinGate, and remember that if a policy requires authentication, it means that users have to have some way of authenticating with WinGate before they can have access.

Using NTLM, this can be done via GateKeeper login, or through an Internet browser that supports NTLM authentication if it is being directed through the proxy service where the policy is set.

You can also use NTLM auth with WGIC but the access policy needs to be set in the Winsock Redirector service.

Regards

Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm

Postby ALainONE » Aug 03 06 7:32 pm

Thank you for your reply! As per your instruction, I removed the policies associated with users to be authenticated and replaced them with unrestricted access for everyone, and it worked great!

But upon checking the WinGate history, I saw that they are logged in as guest. So, I thought to myself... maybe if I just give unrestricted access to each user and remove the Everyone account from the policies, it might show the username in the history instead of guest...

To test my theory, I saved the changes, closed GateKeeper and to my surprise... I cannot log in to GateKeeper anymore! It says "Connection with WinGate Server Terminated!" My clients can still connect to the internet. It's just that I cannot open GateKeeper anymore as Administrator, from the server itself or from the client machines!

Please advise!
ALainONE
 
Posts: 53
Joined: Aug 03 06 7:10 am
Location: Muscat, OM

Postby erwin » Aug 04 06 1:09 pm

Hi there

Looks like you've locked yourself out of GateKeeper...doh!
I take it when you were configuring policies you were setting access policy in the System policies configuration (these policies apply to all services in WinGate) and not on a per-service basis... correct?

As described in the WinGate helpfile under the WinGate Security Model\Policies and Rights\System policies section:

[quote]In WinGate EVERYONE is assigned access under Users can access services/this service policy.

This is done primarily so that access to all services is available until restricted by the Administrator through either System or Service policies.

This effectively allows the Administrator access to the Remote Control service so that they can log into GateKeeper for the first time. If EVERYONE is removed then this will deny all access to the Remote Control service, and so no-one including the Administrator will be allowed to log into WinGate.[/quote]

So by the sounds of it this is what you've done: by removing Everyone and assigning individual access, you possibly haven't given access to the administrator.

You can fix it 2 ways:

1. After WinGate is installed, a copy of the default registry is placed in the Backup folder of the WinGate directory. You can reimport this registry to reset WinGate access, BUT you WILL LOSE all WinGate configuration changes that you have made since the installation.

2. Or alternatively you can follow the manual registry edit procedure described to fix this scenario at the bottom of the System Policy section of the WinGate helpfile. Of course all warnings about backing up/editing the registry apply...

This solution basically gets you to reset the DefaultRights\Access\Recipient0 settings.

Hope this helps

Regards
Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm
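
The lockout described in the reply above, modelled as an added example (not part of the original posts and not WinGate code): before a recipient list that guards a management service is changed, check that every account that must keep access is still covered, directly or through a group. The recipient lists, group names and function names are hypothetical and do not reflect WinGate's policy format or registry layout.

```python
# Simplified model of a recipient list guarding a management service.
# All names here are hypothetical; this is not WinGate's policy format or API.

EVERYONE = "Everyone"

def expand(recipient, groups, seen=None):
    """Return the set of user accounts a recipient resolves to (nested groups allowed)."""
    seen = set() if seen is None else seen
    if recipient in seen:          # guard against cyclic group membership
        return set()
    seen.add(recipient)
    if recipient not in groups:    # a plain user account
        return {recipient}
    users = set()
    for member in groups[recipient]:
        users |= expand(member, groups, seen)
    return users

def has_access(user, recipients, groups):
    """True if the user is covered by the list, directly or through a group."""
    if EVERYONE in recipients:
        return True
    return any(user in expand(r, groups) for r in recipients)

def lockout_report(current, proposed, must_keep, groups):
    """List accounts in must_keep that have access now but would lose it."""
    return sorted(
        u for u in must_keep
        if has_access(u, current, groups) and not has_access(u, proposed, groups)
    )

def apply_change(current, proposed, must_keep, groups):
    """Return the new list, or raise if a required account would be locked out."""
    lost = lockout_report(current, proposed, must_keep, groups)
    if lost:
        raise ValueError("change would lock out: " + ", ".join(lost))
    return list(proposed)

# Constructed sample data mirroring the thread's scenario.
GROUPS = {"Staff": ["alice", "bob"], "Admins": ["Administrator"]}
DEFAULT = [EVERYONE]                 # default: everyone may reach the service
PER_USER = ["alice", "bob"]          # Everyone removed, Administrator forgotten
PER_USER_SAFE = ["Staff", "Admins"]  # named recipients that still cover the admin

if __name__ == "__main__":
    print(lockout_report(DEFAULT, PER_USER, ["Administrator"], GROUPS))
    print(apply_change(DEFAULT, PER_USER_SAFE, ["Administrator"], GROUPS))
```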

Postby ALainONE » Aug 17 06 12:51 am

[quote]Looks like you've locked yourself out of GateKeeper...doh![/quote]

That worked - stupid me!
Thanks a lot!

Hope I can get back to you on some other queries.
Thanks again!
ALainONE
 
Posts: 53
Joined: Aug 03 06 7:10 am
Location: Muscat, OM

