Hi,
I have a problem with a client running 6.2 and using Assumed User authentication.
They have their machine names setup in the assumed user list against the usernames. The system policy is set to "may be assumed" but all the workstations are failing. The history shows that they aren't be authenticated as GUEST doesnt have permission. Nothing seems to get the wingate engine to realise that user "richard" on machine "richard" is allowed to use the internet.
Only setting the system policy to "May be unknown" allows them access, but then they all get marked as the GUEST user. This clearly then ruins any sense of logging and blocking on a per user basis.
Anyone know why the assumed user authentication may not be working? Anything obvious we have missed ?
Olly
Assumed user authentication not assuming
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Assumed user authentication not assuming
by oliverm » Oct 23 08 10:37 pm
- oliverm
- Posts: 4
- Joined: Aug 13 08 3:38 am
Re: Assumed user authentication not assuming
by ChrisH » Oct 24 08 1:20 am
Hi Olly, is WG providing DHCP service in this scenario? If it is - I would suggest leaving system policy at "user may be unknown" and adjust individual service policies, like WWW service, to "user may be assumend". If it's not, WG will have a hard time figuring out who is who.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
Re: Assumed user authentication not assuming
by oliverm » Oct 24 08 2:20 am
In this instance DHCP is being handled by the windows server. Wingate is showing the computer names of the computers when they try to authenticate though, so it does know which machine is which, so in turn shouldnt it then be able to assume which user is which ?
- oliverm
- Posts: 4
- Joined: Aug 13 08 3:38 am
Re: Assumed user authentication not assuming
by adrien » Oct 24 08 9:43 am
Hi
If you're not using the WinGate Client, or WinGate for DHCP, then machine names aren't available to WinGate.
Even though they may be showing up in the activity window, that's as a result of a reverse DNS lookup on the IP address connecting in (this will be more clear if you have external connections coming in), so WinGate considers those names to be the hostname, not the machine NetBIOS name, and these aren't used for looking up assumptions.
If you want to therefore use assumptions, you may need to assume by IP address.
Other option may be (depending on your network environment there) to use integrated authentication in the client browsers. If you're using IE (or now Google Chrome) and Active Directory you can use group policy to set browsers to connect to the proxy, and automatically use current username/pass for credentials. Then you'd need to get the WWW proxy to use NTLM (which requires policy to require users to be authenticated).
Regards
Adrien
If you're not using the WinGate Client, or WinGate for DHCP, then machine names aren't available to WinGate.
Even though they may be showing up in the activity window, that's as a result of a reverse DNS lookup on the IP address connecting in (this will be more clear if you have external connections coming in), so WinGate considers those names to be the hostname, not the machine NetBIOS name, and these aren't used for looking up assumptions.
If you want to therefore use assumptions, you may need to assume by IP address.
Other option may be (depending on your network environment there) to use integrated authentication in the client browsers. If you're using IE (or now Google Chrome) and Active Directory you can use group policy to set browsers to connect to the proxy, and automatically use current username/pass for credentials. Then you'd need to get the WWW proxy to use NTLM (which requires policy to require users to be authenticated).
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 8 guests