This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Captive Portal NTLM Authentication IPv6

Hi,

we try to get the NTLM Authentication for the clientless captive portal working.
For IPv4 it runs pretty well. So if we goto a website with only IPv4 enabled no authentication page is presented and the user is logged in via NTLM.

But if we open a IPv6 site, for example www.google.com we get the captive portal login page.
When entering the credentials everything works as expected and the IPv6 Adress is shown in Liveusers.

But it seems NTLM is not working.

So why ? :)

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 6 years ago

NTLM is just sooo ... Use other kind of authentication... Nevermind, i am not quite the fan of NTLM :)

So lets check this. Could be some kind of issue with the Client. Did you already perform a Tcpdump on XG?

https://community.sophos.com/products/community-chat/f/knowledge-base-article-suggestions/105811/how-to-tcpdump-on-xg

The Captive Portal is just a fallback authentication, in case NTLM fails.

The Wireshark dump file should show the NTLM Authentication. https://en.wikipedia.org/wiki/NT_LAN_Manager
Cancel
Vote Up 0 Vote Down

Cancel
0 benny4982 over 6 years ago in reply to LuCar Toni

Hi,

thanks for the reply.
We disabled IPv6 random address to identify the source host.
After we have done the following dumps:

IPv4 (x.x.x.x replaced by the real IPv4 address
tcpdump -s0 'host x.x.x.x' -b -w /tmp/data/tcpdump1.pcap

IPv6
tcpdump -s0 'host x:x:x:x:38e2:850f:5bb0:588' -b -w /tmp/data/tcpdump3.pcap

We search in Wireshark with filter http and find the following fpr IPv4

So everything works and seems correct

For IPv6 we can not see any NTLM
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 benny4982 over 6 years ago in reply to LuCar Toni

Hi,

thanks for the reply.
We disabled IPv6 random address to identify the source host.
After we have done the following dumps:

IPv4 (x.x.x.x replaced by the real IPv4 address
tcpdump -s0 'host x.x.x.x' -b -w /tmp/data/tcpdump1.pcap

IPv6
tcpdump -s0 'host x:x:x:x:38e2:850f:5bb0:588' -b -w /tmp/data/tcpdump3.pcap

We search in Wireshark with filter http and find the following fpr IPv4

So everything works and seems correct

For IPv6 we can not see any NTLM
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 LuCar Toni over 6 years ago in reply to benny4982

NTLM does not support IPv6 in V17.5.

At this point, i thought, you mean by opening any site, which supports IPv6, NTLM did not work at all. But you are working with IPv6 adresses in your network.

Michael Dunn Correct me, if i am wrong.
Cancel
Vote Up 0 Vote Down

Cancel
0 benny4982 over 6 years ago in reply to LuCar Toni

Thanks for the fast reply.

i don't understand why Sophos XG is missing so much features in the IPv6 environment.
No FQDN objects, no WAF for IPv6, no PPPoE support for PD IPv6 and now no ntlm support.

IPv6 is not new an we have a growing number of customers using IPv6.
Other vendors have full IPv6 support since years.
So i do not understand "the next generation thing"
Cancel
Vote Up 0 Vote Down

Cancel