We use WinGate 7 (last update) in a Windows 2008 Domain network.
In the log data we found 33% of WWW Proxy traffic witch "cs-username" blank.
We use the NTLM Authentication.
In WinGate 6 we haven't this problem.
Any ideas?
Many Thank,
WinGate 7 - username black
Moderator: Qbik Staff
11 posts
• Page 1 of 1
WinGate 7 - username black
by gsaccardo » Feb 05 13 10:35 pm
- gsaccardo
- Posts: 5
- Joined: Feb 05 13 10:16 pm
Re: WinGate 7 - username black
by adrien » Feb 06 13 2:58 am
HI
what is the status code for this, under sc-status. If it's 407 it's an auth challenge (1st step toward authentication).
Regards
Adrien
what is the status code for this, under sc-status. If it's 407 it's an auth challenge (1st step toward authentication).
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: WinGate 7 - username black
by gsaccardo » Feb 06 13 3:05 am
adrien wrote:HI
what is the status code for this, under sc-status. If it's 407 it's an auth challenge (1st step toward authentication).
Regards
Adrien
It's 200 and 407. What I must do?
Thanks
- gsaccardo
- Posts: 5
- Joined: Feb 05 13 10:16 pm
Re: WinGate 7 - username black
by adrien » Feb 06 13 8:49 am
Hi
the 407 ones you can ignore, since you should notice the request is repeated close below in the log but that time with the username.
In NTLM / Negotiate auth, the request is made 3 times to establish a new authentication, so you'd see 2 x 407, then a 200 if the request is allowed, with the username. This is just the way http authentication works, so there's nothing you can do about that.
If there are entries where sc-status is 200 and there's no username, that means that auth isn't happening or required for that request. Some sites you should allow access to without auth, such as
a) windows update sites
b) online certificate checking sites
since these sites are used by parts of the client OSes that really don't deal well with authentication.
Regards
Adrien
the 407 ones you can ignore, since you should notice the request is repeated close below in the log but that time with the username.
In NTLM / Negotiate auth, the request is made 3 times to establish a new authentication, so you'd see 2 x 407, then a 200 if the request is allowed, with the username. This is just the way http authentication works, so there's nothing you can do about that.
If there are entries where sc-status is 200 and there's no username, that means that auth isn't happening or required for that request. Some sites you should allow access to without auth, such as
a) windows update sites
b) online certificate checking sites
since these sites are used by parts of the client OSes that really don't deal well with authentication.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: WinGate 7 - username black
by gsaccardo » Feb 12 13 11:03 pm
Can you please read the log in attach?
You can see that the website isn't windows update or online certificate cecking sites.
Thanks
Regards.
You can see that the website isn't windows update or online certificate cecking sites.
Thanks
Regards.
adrien wrote:Hi
the 407 ones you can ignore, since you should notice the request is repeated close below in the log but that time with the username.
In NTLM / Negotiate auth, the request is made 3 times to establish a new authentication, so you'd see 2 x 407, then a 200 if the request is allowed, with the username. This is just the way http authentication works, so there's nothing you can do about that.
If there are entries where sc-status is 200 and there's no username, that means that auth isn't happening or required for that request. Some sites you should allow access to without auth, such as
a) windows update sites
b) online certificate checking sites
since these sites are used by parts of the client OSes that really don't deal well with authentication.
Regards
Adrien
- gsaccardo
- Posts: 5
- Joined: Feb 05 13 10:16 pm
Re: WinGate 7 - username black
by adrien » Feb 13 13 1:16 pm
Hi
I don't see any attached file.
the point is, that if the policy allows access to the site (no matter what sort of site it is) without authentication, then the user wouldn't be forced to authenticate, and you wouldn't learn the username.
Regards
Adrien
I don't see any attached file.
the point is, that if the policy allows access to the site (no matter what sort of site it is) without authentication, then the user wouldn't be forced to authenticate, and you wouldn't learn the username.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: WinGate 7 - username black
by gsaccardo » Feb 13 13 9:36 pm
Did you see it now?
Thanks.
Thanks.
adrien wrote:Hi
I don't see any attached file.
the point is, that if the policy allows access to the site (no matter what sort of site it is) without authentication, then the user wouldn't be forced to authenticate, and you wouldn't learn the username.
Regards
Adrien
- Attachments
-
20130212_000_WWW Proxy Server.zip- Log file
- (23.96 KiB) Downloaded 362 times
- gsaccardo
- Posts: 5
- Joined: Feb 05 13 10:16 pm
Re: WinGate 7 - username black
by adrien » Feb 13 13 9:48 pm
Hi
I see the file, but I see no evidence of there being any authentication done.
How are your users authenticating?
Did you set policy to require authentication?
Regards
Adrien
I see the file, but I see no evidence of there being any authentication done.
How are your users authenticating?
Did you set policy to require authentication?
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: WinGate 7 - username black
by gsaccardo » Feb 13 13 10:06 pm
Good morning,
we took some info from the log including the connections properly authenticated. If you want to send the complete log via email, but in private.
The problem for us is seen in the data in the log I sent.
The NTLM authentication is enabled.
Thank you.
we took some info from the log including the connections properly authenticated. If you want to send the complete log via email, but in private.
The problem for us is seen in the data in the log I sent.
The NTLM authentication is enabled.
Thank you.
adrien wrote:Hi
I see the file, but I see no evidence of there being any authentication done.
How are your users authenticating?
Did you set policy to require authentication?
Regards
Adrien
- gsaccardo
- Posts: 5
- Joined: Feb 05 13 10:16 pm
Re: WinGate 7 - username black
by adrien » Feb 13 13 10:13 pm
Hi
it's probably quickest to resolve if we can look at your system remotely.
We normally recommend teamviewer for that. If you wish to go ahead with that, send an email to support@wingate.com and we can pick it up from there.
If teamviewer is ok, send us the ID and password and we can connect straight away.
Regards
Adrien
it's probably quickest to resolve if we can look at your system remotely.
We normally recommend teamviewer for that. If you wish to go ahead with that, send an email to support@wingate.com and we can pick it up from there.
If teamviewer is ok, send us the ID and password and we can connect straight away.
Regards
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Re: WinGate 7 - username black
by adrien » Feb 15 13 3:07 pm
just for the benefit of others watching this thread.
the problem was due to missing account name in the active directory user objects (old ones that only had domain-compatible ones), so logging was correctly logging blank name.
the problem was due to missing account name in the active directory user objects (old ones that only had domain-compatible ones), so logging was correctly logging blank name.
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
11 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 21 guests