Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Dec 08 12 3:55 am
Hello everyone.
I'm migrating a Wg 6 installation to Wg7 so i'm facing some difficulties about new/chenged features.
I choose AD as user database and I succesfully setup web access control rules.
I choose NTLM authentication method within WWW proxy server: when a user starts browsing I can see 'his name - Authenticated [NTLM]' in the activity panel: works fine.
Now I'm trying to setup a FTP proxy server:
- if I select 'Require auth to proxy' to true I can make it accept connections only with users belonging to then domain Administratos group: where can I specify who is allowed to use ftp proxy in this case? (policy?)
- if I select 'Require auth to proxy' to false and setup a policy for the ConnectToServer event of this proxy (checking for a specific domain group membership) I can make it accept connections only if the user has been already authenticated starting a www proxy session (opening the internet brawser triggering the ntlm authentication) before the ftp client begins connection procedures.
At present I ask the users to open the brawser before opening the ftp session, but what is the better way to implement authentication with ftp proxy (or other proxyes like socks5)
I thought that binding the user database to AD would cause the identidication/authentication of who is connecting to the server (to whatever proxy) for the sole reason of being logged in to a domain workstation.
Thank you,
Matteo
Dec 08 12 7:33 am
Hi
using the AD connector means you can authenticate against AD accounts. Whether or not clients are required to authenticate is a function of your proxy config.
For web access, where authentication is required this normally means browsers will automatically authenticate without user intervention.
For ftp proxy, if you require auth to proxy, then the clients would need to be configured to authenticate, e.g. a client like filezilla has several auth options that are compatible.
Same for SOCKS, if you require auth, then the SOCKS clients need to be configured to auth as well.
Like you said, if the user auths with a web browser first, then WinGate presumes subsequent connections from that IP are from the same user, but that is just a presumption - although it's normally correct, authentication is the mechanism used to be certain.
Regards
Adrien de Croy
Dec 08 12 8:43 am
Dead Adrien,
thank you for your reply.
As I said I tryed to use auth with ftp proxy (using filezilla) but access is granted only if the user blogs to administrators group.
May be you have a suggestion about this behaviour, there are no policyes active on ftp proxy, on auth is required.
Thanks,
Matteo
Dec 08 12 10:24 am
Hi
if there are no policies, then any authenticated user should work. We may need to take a look at your server.
Can you submit a support ticket and we can take it from there, we normally recommend teamviewer.
Regards
Adrien
Jan 15 13 11:41 pm
Hi Adrian,
the problem was an "old" test user, I created a new clean test user and new test groups and finally averything went to the right direction.
Sorry for replying so late.
Thank you for your attention,
regards,
Matteo
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.