Windows Authentication


Post by JoeProxy » Mar 13 04 11:13 am

Hi there,
I am running WinGate v5.2.3 on a Windows 2000 workstation, within a Windows NT4.0 domain. I have selected NT users & NT authentication only, and have redirected my user database to the NT server successfully.

Everything is working great until I try to lock-down access by groups.

I am following the article on setting permissions on the WWW Proxy Server (set to port 80). I have redirect ENS/WGIC sessions checked.

I believe my rules are OK, because everything works the way I would expect if I use 'assumed' users.

I do understand that you must either authenticate through the java applet, or run WGIC. I have chosen to run WGIC, to make authentication as transparent to users as possible.

I do see a control session, and I have checked that the client does not have proxy settings configured.

What I don't understand, or see in searching the forums, is this:

I cannot connect to any web site when I have set up rules to only allow authenticated users to connect. (Restrict WWW Proxy, user must authenticate, ignore system rules)

If I look in the logs, I find that 'Username' is correctly specified (i.e. the NT account) but 'WG Username' is always guest.

What am I missing??? TIA,
Joe
JoeProxy
 
Posts: 4
Joined: Mar 13 04 11:00 am

Post by JoeProxy » Mar 20 04 3:14 am

Hi,

I still have not been able to resolve the issue posted above.
Could someone please explain why WGIC would correctly identify the 'Username' but always recognize 'WG Username' as guest?

Thanks,
Joe
JoeProxy
 
Posts: 4
Joined: Mar 13 04 11:00 am

Post by JoeProxy » Mar 20 04 3:50 am

OK, I've managed to solve my own problem.
http://support.qbik.com/index.php?_a=knowledgebase&_j=questiondetails&_i=88&nav=+%26gt%3B+%3Ca+href%3D%27index.php%3F_a%3Dknowledgebase%26_j%3Dsubcat%26_i%3D2%27%3EWinGate%3C%2Fa%3E

Even though I had specified authentication on the WWW proxy service (and IGNORE system policies), I had to require authentication at the system level.

Now my Username = WG Username, and everything works the way I desired.
JoeProxy
 
Posts: 4
Joined: Mar 13 04 11:00 am

Post by erwin » Mar 22 04 3:49 pm

Hi Joe

Great to hear you got it working.
Possibly why you will see a difference between User (showing up as correct NT user) and WG Username showing up as guest is because when using the NT database option WinGate receives the username (that you have logged into Windows with on the client machine) when a connection is made. Because no authentication has happened at this stage WinGate will deem this user as a guest depending on your config.

You can also have users authenticate by logging on to WinGate through GateKeeper for an alternative way of authentication (besides Java and WGIC).

Regards
Erwin
erwin
Qbik Staff
 
Posts: 408
Joined: Sep 03 03 2:54 pm

Post by JoeProxy » Apr 03 04 9:14 am

hi erwin, thanks for getting back to me.

after everything seemed to be working exactly the way i wanted it, i made a couple of seemingly insignificant changes <!> and everything stopped working!!! i then tried and tried to retrace my steps to get back to the point at which i had posted that i had solved my own problem, but i could not. <i think what messed everything up was that i tried to take one filter and add multiple criteria which seemed to be treated as logical AND rather than logical OR>

not having explicit details, i don't expect you to be able to give me a 'quick fix'. what i do ask is that if i give you the basic tasks we are trying to accomplish, for you to mention any 'caveats', procedures, kb articles, or any other source of information to help me reach my goal. any other wingate users/developers that could contribute would also be greatly appreciated!

what we are trying to do:

we have a nt4 domain with a pdc and bdc.
wingate runs on a multihomed w2k pro workstation.
wingate's user db is redirected to the pdc and seems to work fine.

we want to use the wgic to avoid java authentication. we always want authentication to be based upon windows domain logins.

we have about 4 assumed users, who belong to a group which has unrestricted rights to web proxy. this seems to work no matter what, even when the 'username' and 'wg username' don't always match <see earlier post in same thread>

the remaining users belong to groups with varying levels of web proxy access. basically, we use 'url contains' criteria to build filters to restrict access to other sites. for example, the 'shipping' group have access restricted to urls containing 'fedex.com' and 'ups.com', set as two rules with one criterion each.

in most configuration scenarios, i either end up allowing full web proxy access or no web proxy access to most users, regardless of what they should have access to.

so any suggestions, tests, or other info that could be offered would be greatly appreciated!!!

also - one last question. when changing filters/criteria/etc. what is the best way to assure the changes have been implemented? stop and start gatekeeper is what i have been doing.

thank you all,
joe
JoeProxy
 
Posts: 4
Joined: Mar 13 04 11:00 am
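
The two behaviours discussed in this thread, modelled as an added example (not code from the thread or from WinGate): a session whose reported Windows name has not been authenticated is evaluated as guest, and criteria inside one rule are assumed to be AND-ed while separate rules are OR-ed, as the poster observed. All class, field, user and URL values are hypothetical and constructed for illustration.

```python
# Toy model of proxy access rules. NOT WinGate's implementation.
# Assumption (from the observation in the thread): criteria inside one rule
# are AND-ed, while separate rules on the same service are OR-ed.
from dataclasses import dataclass


@dataclass
class Session:
    os_user: str         # name reported by the client machine ("Username")
    authenticated: bool  # True once the proxy has verified the user

    @property
    def policy_user(self):
        # Unverified sessions are evaluated as guest ("WG Username").
        return self.os_user if self.authenticated else "guest"


@dataclass
class Rule:
    group: str
    url_contains: tuple  # every substring must be present (AND)

    def matches(self, groups, url):
        return self.group in groups and all(s in url for s in self.url_contains)


def allowed(rules, membership, session, url):
    # Group membership is looked up for the policy identity, not the OS name.
    groups = membership.get(session.policy_user, set())
    return any(r.matches(groups, url) for r in rules)  # any rule may allow (OR)


# Constructed sample data, mirroring the 'shipping' example in the post.
MEMBERSHIP = {"alice": {"shipping"}}
ONE_RULE_TWO_CRITERIA = [Rule("shipping", ("fedex.com", "ups.com"))]
TWO_RULES_ONE_CRITERION = [
    Rule("shipping", ("fedex.com",)),
    Rule("shipping", ("ups.com",)),
]
FEDEX_URL = "http://www.fedex.com/track"

if __name__ == "__main__":
    verified = Session("alice", True)
    unverified = Session("alice", False)
    for name, rules in (("one rule, two criteria", ONE_RULE_TWO_CRITERIA),
                        ("two rules, one criterion", TWO_RULES_ONE_CRITERION)):
        for s in (verified, unverified):
            print(name, s.policy_user, allowed(rules, MEMBERSHIP, s, FEDEX_URL))
```

In this model the combined rule denies every real URL because no address contains both substrings, and the unverified session is denied under either rule set because guest belongs to no group.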

