Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 7214 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows 2008 R2 - SSO mit Active Directory

JohTraub
Hallo,

Infos zum Aufbau:
- DomänenController ist ein Windows 2008 R2 Server
- Astaro Web Gateway 2000 ist mit Filterfunktion im gleichen Netzwerk
- 20 Clients mit Domänenanbindung und Windows XP

Auf dem Gateway ist under "Benutzer -> Authentifizierung -> Server" der DomänenController eingerichtet. Servertest und Benutzerabfrage funktionieren ohne Probleme.

Eine Registerkarte weiter "Single Sign-On" schaut es genauso gut aus. Verbindung zur Domäne kann richtig hergestellt werden.

Unsere Benutzer werden auch alle sauber aus dem Active Directory ausgelesen und auf dem Gateway angelegt.

Der Proxy auf dem Gateway ist aktiviert und auf Single-Sign-On eingestellt, die Gruppe der AD-User beim Modus SSO hinzugefügt.

Leider funktioniert am Client jetzt das Single-Sing-On nicht. Wir bekommen die Fehlermeldung Access Denied. Die gleiche Konstellation in Verbindung mit einem Windows 2003 Server als DC funktioniert ohne Probleme.

Weiß jemand woran es liegt?

Gruß
JohTraub


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to stkfor
    i got both running in "Windows Server 2008" - i have not yet upgraded to 2008 R2 Levels.
  • 0 in reply to ionee
    i have here execly the same problem. / Ich habe hier genau das gleiche Problem mit dem 2003er Server.

    the astaro read/sync every user from the 2003, the test logins work and the astaro is joined the domain. but if i probe to make a login via vpn pptp (or another authentification required service) i got the following errors in the log:

    die Astaro liest und syncronisiert alle User aus dem AD, alle Tests funktonieren und die Astaro ist Member in der Domain. Aber trotzdem funktioniert keine Authentifizierung der Domain User. 

    2011:08:08-11:31:51 firewall aua[10802]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:31:51 firewall aua[10802]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="mschwarz" caller="pptp" reason="DENIED"
    2011:08:08-11:32:18 firewall aua[10862]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:32:19 firewall aua[10862]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="mschwarz" caller="pptp" reason="DENIED"
    2011:08:08-11:33:25 firewall aua[10936]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:33:26 firewall aua[10936]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:35:55 firewall aua[11163]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:35:55 firewall aua[11163]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:37:06 firewall aua[11253]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:37:06 firewall aua[11253]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:43:37 firewall aua[11503]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:43:37 firewall aua[11503]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:44:21 firewall aua[11573]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:44:21 firewall aua[11573]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:47:45 firewall aua[11914]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:47:45 firewall aua[11914]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:35:55 firewall aua[11163]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:35:55 firewall aua[11163]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:37:06 firewall aua[11253]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:37:06 firewall aua[11253]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:43:37 firewall aua[11503]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:43:37 firewall aua[11503]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:44:21 firewall aua[11573]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:44:21 firewall aua[11573]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:47:45 firewall aua[11914]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:47:45 firewall aua[11914]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:35:55 firewall aua[11163]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:35:55 firewall aua[11163]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:37:06 firewall aua[11253]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:37:06 firewall aua[11253]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="administrator" caller="pptp" reason="DENIED"
    2011:08:08-11:43:37 firewall aua[11503]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:43:37 firewall aua[11503]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:44:21 firewall aua[11573]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:44:21 firewall aua[11573]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:47:45 firewall aua[11914]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:47:45 firewall aua[11914]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"
    2011:08:08-11:47:45 firewall aua[11914]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="abiringer" caller="pptp" reason="DENIED"
    2011:08:08-11:56:15 firewall aua[12479]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test"
    2011:08:08-11:56:15 firewall aua[12479]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test request: m:adirectory, f:none, u:alex76, ip:0.0.0.0"
    2011:08:08-11:56:15 firewall aua[12479]: id="3006" severity="info" sys="System" sub="auth" name="Testing method adirectory"
    2011:08:08-11:56:15 firewall aua[12479]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:56:16 firewall aua[12479]: id="3006" severity="info" sys="System" sub="auth" name="Authentication test successfull"
    2011:08:08-11:57:14 firewall aua[12511]: id="3006" severity="info" sys="System" sub="auth" name="Spawned child for authentication test"
    2011:08:08-11:57:14 firewall aua[12511]: id="3006" severity="info" sys="System" sub="auth" name="Bind test request: adirectory"
    2011:08:08-11:57:15 firewall aua[12511]: id="3006" severity="info" sys="System" sub="auth" name="Bind test successfull. Method: adirectory"
    2011:08:08-11:58:25 firewall aua[12553]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.168.1.5 (adirectory)"
    2011:08:08-11:58:25 firewall aua[12553]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="0.0.0.0" user="alex76" caller="pptp" reason="DENIED"


    i use 8.103 in my case. ich verwende die Version 8.103.

    did anyone have a idea? Hat hier jemand eine Idee?
Cookie Information Banner