WinGate Forums

[StealthCubz]

Hi

About 2 weeks ago, I asked for some help on my proxy server, I really thought that the replication on the PDC and BDC was causing the problem, but at last it’s replicating again, and I am still having the same problem.

Proxy Setup: (10.0.0.8:80)
The proxy is setup so that people have access from 7am-8am; 1pm-2pm; 6pm-8pm, syncing with the PDC and using NTLM authentication.

The Problem:
Using NTLM authentication, while using this it pops up with a password box on the client machine, asking for username and password for the proxy machine (10.0.0.8)

If i use basic authentication, it doesnt allow anyone access, just says you are not authorised to view this page.

Can anyone please help me ?

[adrien]

Hi

Basic authentication only achieves a security level of "assumed", so if your policies require users to be authenticated, then Basic won't be enough. That leaves 2 options.

1. Set the policy level back to allow assumed; or
2. use NTLM.

so with NTLM you get a password box? That normally is to do with your security settings in Internet Explorer.

Is IE configured to use a proxy, or are you intercepting connections?

If you intercept, then IE think's that it's the end webserver that is asking for auth (it doesn't know about the proxy), so for each different server, it won't try the same password etc. So for this, there are 2 options.

1. configure IE to always log in with current credentials.
2. configure IE to use the proxy directly (rather than intercept connections).

Regards

Adrien

[StealthCubz]

Hi

Well i am not intercepting the packets, IE is configured on all the machines to use the proxy server.

I think that something actually went wrong on the "WWW Proxy Service" it self, i created a new "WWW Proxy Service" ran it on port 8080, same rules as on the other service, and it allowed ppl to connect. Now i uninstalled the first instance of the service and configured the new service to work on port 80. so far it all seems too good to be true. its only 13:30 now so as soon as the clock strikes 14:00 i will check again.

But thanks for your help Adrian.

[StealthCubz]

Ok so i lied :( it was working fine because it was between 13:00 and 14:00 back to normal again, looking in the log i see everyone is trying to authenticate as guest, even on machines that i changed the IE to logon using current credentials shows authenticated as guest

[StealthCubz]

As you can see in these post i am loosing my lil head :(

Back to the problem, looking in the logs i only see people logging on as guest, so i take it that is the problem, wingate dont see users as they really are

I did try forcing IE to use current credintials, but when they get to wingate it still see's them as Guest

Anyone have a Idea as to what is going on here ?

[ChrisH]

This is getting a little confusing. Are you saying that during the times you allow access (eg 1300 to 1400) everything is working fine? Users are authenticating transparently through IE at these times? When do users show up as guests? Always? If WG doesn't know who users are (either by assumption or authentication), then they will deemed to be guests. So if one of your policies requires authentication and users can't authenticate for some reason, they will show up as guests and be denied access. What are your System policies? And in your WWW service are you including System policy? I mean here, under WWW service policies is Default rights (System policies) set to are ignored or MUST also be granted? If WG deems users as guests always I might suggest that WG isn't using a current user list or can't get it. Is it connecting correctly to the right user db? Does WG service have rights on the PDC ? In GateKeeper, under the Users list are all users listed there and are accounts enabled for the users? Under Database Options is WG synchronising with PDC? Sorry for asking so many questions.

[StealthCubz]

Yes during 13:00 and 14:00 everything works fine, reason being the Guest account has access to the internet during that time too, I'm using NTLM for authenticating so they should always authenticate ?? User always shows up as guest accept the localhost which i am using now, and i got it to ignore the system policies, well the PDC and the BDC is synced so its the same user DB and it shouldnt be wrong , and my WG is updating with the PDC ATM.

Wouldnt it be eayser for me to authenticate eople if i use WGIC ?

[ChrisH]

In your first posting you indicated a pop up authentication box appears -if the correct information is entered, does user authenticate OK? What does WG say about user -still Guest? If you are using NTLM for authentication, this pop up box will appear unless the browser forwards the current credentials as Adrien indicated in his post and authentication will then happen transparently for the user. Personally, unless you are using the WRS service to restrict client apps I wouldn't use the WGIC to authenticate because it means all client machines need to have WGIC installed, but that's just me. The NTLM method should work no problem.