WinGate Forums

[apple]

In WinGate 6, we were able to assume a default user without prompting for login (other users were recognized by computer name), how can we do this in WinGate 8? The login requirement is problematic especially when accessing net through Linux command line.

Thanks!

[adrien]

Hi

there is a way to do this. In fact if you upgrade (over the top install) WinGate 6 to WinGate 7 or 8, it will replace existing assumed users with "credential rules".

This is where you'd need to go to alter this: WinGate > Control Panel > Credential rules.

If you add a rule it should be fairly self-explanatory.

Regards

Adrien

[apple]

Thanks, that's what I am doing now, using the Credential Rules. But it's not practical to define every computer/ip, I need to set a default user for computers not in the list. In WinGate 6, the default user would be Guest.

[adrien]

Hi

now the default user is called "unknown". This is so it wouldn't collide with the real Guest account.

What are you trying to do that requires setting default user? There's probably another way.

Regards

Adrien

[apple]

Here's what I want:
1. Most users are recognized by computer name, so they won't be prompted for login. Some belong to Unrestricted group. The rest belong to Restricted group.
2. Those not in the Credential Rules will be Unknown user, which belongs to Restricted group too.
3. I don't want the login prompt to appear.

Thanks!

[vaibhav]

PLZZ Help me . I want to know how to block all websites except one through wingate proxy server.

[adrien]

Here's what I want:
1. Most users are recognized by computer name, so they won't be prompted for login. Some belong to Unrestricted group. The rest belong to Restricted group.
2. Those not in the Credential Rules will be Unknown user, which belongs to Restricted group too.
3. I don't want the login prompt to appear.

Thanks!

Which user database are you using in WinGate? Mostly even with authentication on, you don't see login dialogs on clients, since they all nowadays handle integrated auth using windows or domain credentials.

For auth to work properly though, you need to configure the client to use the proxy (rather than intercepting) so that the browser knows it is authing to a proxy (and not a server on the net) and therefore will reuse proxy creds where otherwise it would keep prompting for what it thinks are server credential requests.

You can use subnetting to assume based on a range of IPs if that helps.

Alternatively, you don't need to assume to set per-IP access control, since the access control rules can apply to client IP as well or instead of the username.

Regards

Adrien

[adrien]

PLZZ Help me . I want to know how to block all websites except one through wingate proxy server.

To block all websites except one, just make a rule to allow that site, and set the default rule to deny.

P.s. it would be much easier if you created a new topic for new questions, rather than fragmenting an existing one.

[apple]

Which user database are you using in WinGate? Mostly even with authentication on, you don't see login dialogs on clients, since they all nowadays handle integrated auth using windows or domain credentials.

For auth to work properly though, you need to configure the client to use the proxy (rather than intercepting) so that the browser knows it is authing to a proxy (and not a server on the net) and therefore will reuse proxy creds where otherwise it would keep prompting for what it thinks are server credential requests.

You can use subnetting to assume based on a range of IPs if that helps.

Alternatively, you don't need to assume to set per-IP access control, since the access control rules can apply to client IP as well or instead of the username.

I am using Active Directory Connector. All clients are using proxy. They will see the reject page if they don't.

There is no login dialogs on clients that are recognized by Credential Rules. But there will be login dialogs for clients not in the Credential Rule. Why?

[adrien]

Hi

how are you forcing authentication? Using Web access Control rules, or flow-chart policy?

Also, one more thing required for common browsers to do integrated auth - the WWW proxy needs to have NTLM authentication enabled, if you disabled this (and Negotiate) it would cause the login prompt.

Regards

Adrien

[apple]

Hi

how are you forcing authentication? Using Web access Control rules, or flow-chart policy?

Also, one more thing required for common browsers to do integrated auth - the WWW proxy needs to have NTLM authentication enabled, if you disabled this (and Negotiate) it would cause the login prompt.

I am using Web access Control rules.
Negotiate and NTLM in WWW Proxy Server are enabled, but disabled Basic.

[adrien]

Hi

ok, with the web access control rules, if you're using a re-authenticate rule you could get some issues like this. Normally for auth using the web access control rules, just make an allow rule which requires knowledge of the user (e.g. doesn't match on everybody in the "who" tab).

Regards

Adrien

[apple]

Hi
ok, with the web access control rules, if you're using a re-authenticate rule you could get some issues like this. Normally for auth using the web access control rules, just make an allow rule which requires knowledge of the user (e.g. doesn't match on everybody in the "who" tab).

I don't have any re-authenticate rule in Access Rules. Have added a "New Rule" but still get login prompt for user not in the Credential Rules.

access rules.png (84.98 KiB) Viewed 11727 times

[adrien]

Hi

ok, in that case, either the auth is failing (which should be logged), or you don't have NTLM auth method enabled in the WWW proxy. Browsers will pop a login dialog if you only have Basic auth enabled.

Adrien

[apple]

Hi

ok, in that case, either the auth is failing (which should be logged), or you don't have NTLM auth method enabled in the WWW proxy. Browsers will pop a login dialog if you only have Basic auth enabled.

Adrien

Thanks and Happy New Year :)

All auth methods are enabled (Negotiate, NTLM, Basic) in WWW Proxy. I set "Log level" to "Debug" in WWW Proxy. For Unknown user I see this.

global-log.png (143.39 KiB) Viewed 11716 times