WinGate Forums

[HUEYDOK]

Hello. I am evaluating WinGate 6.5.2 and have it working successfully authenticating against my Windows 2003 Active Directory. However, if a non-domain computer attempts to connect without a valid user account in AD (since IE passes the logged in user credentials automatically), they simply receive a standard IE error page instead of being prompted for a user name and password by the proxy server. Is this possible in WinGate? I need this functionality so I can allow guests and consultants a way to access the Internet (after being prompted for an AD user name and password that I would provide to them).

By the way: I am using NTLM authentication (obviously), so I assume that the Java client is not available. However, I would stil think that the normal IE user name and password prompt should appear when the credentials fail the first time?

Please let me know if you need anymore info from me to answer the question. Thanks!

[ChrisH]

My suggestion is to add another Everyone group under the Policies tab of the WWW proxy service where the User may be assumed is selected. You will also need to ensure under the General tab that Basic authentication is checked( as well as NTLM of course). This should now trigger the non-domain computers browser to prompt for the authentication window. Let us know if this helps.

[HUEYDOK]

Hello. I tried your suggestion but it did not produce the desired results, which are that any user attempting to connect via the Proxy (HTTP) that are NOT included in a remote user database (Active Directory) should receive a user name and password prompt. I believe this may be related to some issues with remote DB authentication, which I have posted in a separate posting just a few minutes ago. Note that the only prompt I can ever receive is the proprietary Wingate prompt, and then only if I have authentication set to not use the local OS and/or a remote user database (AD).

[logan]

Is the WinGate computer a member of the domain?
Is there a DNS setting pointing to the ADDNS server?
Is the WinGate engine logging on with a domain admin account?

It would be helpful to see your current configuration, so if you could create a support ticket and include the following information, we should be able to provide assistance specific to your scenario.

1. WinGate Registry
GateKeeper --> Options menu --> Advanced --> Save Registry

2. WinGate Config Report
GateKeeper --> Options menu --> Advanced --> Save Config Report

3. ipconfig/all from one LAN Client
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa-client.txt

4. ipconfig/all from the WinGate Server
(Windows) Start menu --> Run --> cmd --> ipconfig/all >> C:\ipa-server.txt

[HUEYDOK]

OK - I have submitted a support ticket with the config files you requested. Please take a look and let me know if I have an incorrect configuration or what I should do. Thanks for the help - if we can get this resolved everything else is ready for implementation!

[Darr]

Would it be possible to post the resolution for this problem?
i.e. assuming a satisfactory solution was found.

Thanks.

[logan]

Hi Darr,

After further testing, we could not reproduce the problem reliably. The non-domain computers we tested were being prompted for auth and authenticated successfully. The notebook(s) that were experiencing this problem were not available for testing.

I recommend setting the www proxy manually in the client browser. This should resolve most issues regarding NTLM authentication.