After allmost giving up, I tried again to configre the AD-SSO/http-proxy settings in My Astaro. This time by deleting all users in the Astaro Userlist and reconfigure my AD-groups in my windows-server.
I replaced the spaces for _
This way I bypass the known-errors with the UTM 9.*** setup. And Yes when I re-prefetch my users and setup a new group and after a reboot of the Astaro (after 20 minute waiting) the http-proxy works.
But Not for long.
When I startup IE9 the Astaro has to wake up (which takes half a minute) and has to think i it is going to accept the user or not.
This is VERY frustrating. See below for log of a test on my AD-server how it runs with only a Google search page.
In IE9 I directly get a login-popup which hou can cancel and after a few cancelings of the login-popup the pages load in your browser.
The bigger problem is...... FireFoxs has NO problems. I use both browsers on my workstations and when I browse in FireFox I have no problems and or loginboxes, while IE disfunctions completely.
FireFoxs also works perfectly with the FDQN while IE not even functions with the IP address of the Astaro!
When you take a look in the Web Filtering log you see Accept en Blocks (winbindd-errors) running besides eachother.
What can be done to solve this problem?
The only thing I can do is to shutdown the proxy-settings in IE. But why shutdown a firewall to use a firewall???
2012:08:23-15:13:13 FIREWALL httpproxy[32170]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9b55aa0" function="auth_adir_getsid_callback" file="auth_adir.c" line="502" message="winbindd request failed ()"
2012:08:23-15:13:13 FIREWALL httpproxy[32170]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.87.1" dstip="" user="Administrator" statuscode="407" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction=" ()" size="2477" request="0x9b55aa0" url="www.google.nl/" exceptions="" error=""
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.87.1" dstip="173.194.67.94" user="Administrator" statuscode="200" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction="REF_ZGZNNPYuTA (Proxy Filter Action)" size="102972" request="0x9b55aa0" url="www.google.nl/.../html" application="google"
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x114d61b8" function="auth_adir_getsid_callback" file="auth_adir.c" line="502" message="winbindd request failed ()"
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.87.1" dstip="" user="Administrator" statuscode="407" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction=" ()" size="2477" request="0x114d61b8" url="www.google.nl/.../mgyhp_sm.png" exceptions="" error=""
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.87.1" dstip="173.194.67.94" user="Administrator" statuscode="304" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction="REF_ZGZNNPYuTA (Proxy Filter Action)" size="0" request="0x9b55aa0" url="www.google.nl/.../chrome-48.png" exceptions="" error="" category="145,164" reputation="trusted" categoryname="Search Engines,Visual Search Engine"
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x114d6798" function="auth_adir_getsid_callback" file="auth_adir.c" line="502" message="winbindd request failed ()"
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.87.1" dstip="" user="Administrator" statuscode="407" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction=" ()" size="2477" request="0x114d6798" url="www.google.nl/.../logo3w.png" exceptions="" error=""
2012:08:23-15:13:28 FIREWALL httpproxy[32170]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.87.1" dstip="173.194.67.94" user="Administrator" statuscode="304" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction="REF_ZGZNNPYuTA (Proxy Filter Action)" size="0" request="0x9b55aa0" url="www.google.nl/.../rs=AItRSTPLUDe8EaGySfSbpQvglPVvyaExJg" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines"
2012:08:23-15:13:32 FIREWALL httpproxy[32170]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.87.1" dstip="173.194.67.94" user="Administrator" statuscode="304" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction="REF_ZGZNNPYuTA (Proxy Filter Action)" size="0" request="0x9b55aa0" url="www.google.nl/.../4fe2fdcdb07f6db9.js" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines"
2012:08:23-15:13:32 FIREWALL httpproxy[32170]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.87.1" dstip="173.194.67.94" user="Administrator" statuscode="304" cached="0" profile="REF_asOsBDRyvy (Proxy Filter)" filteraction="REF_ZGZNNPYuTA (Proxy Filter Action)" size="0" request="0x9b55aa0" url="www.google.nl/.../swxa.gif" exceptions="" error="" category="145,164" reputation="trusted" categoryname="Search Engines,Visual Search Engine"
This thread was automatically locked due to age.
