This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Weird problem with AD SSO

Hello Guys,

I'm trying to configure AD SSO with an ASG220. The firewall joined our domain (W2k8 R2 but in 2k3 scheme) and when I'll do the "test Authentication" in the webadmin everything seems fine. The test passes and I get back the groups of the specific user I'm testing.

The AD authentication even works for ssl vpn, it just didn't for the proxy.

When the authentication is activated, I get a popup where I have to fill in the credentials (in IE as well as Opera). After filling in the data and closing the popup it just pops up again. This repeats several times, unless I got a page that the authentication fails. Of course I've checked the Authenication Daemon Log - there was no entry for the authorization.

I've used this guide for configuration:
Astaro V7 Active Directory SSO setup and HTTP Profiles Configuration

Do you have an idea what could be wrong in my config?

This thread was automatically locked due to age.

Parents

0 gente over 15 years ago

So i finally found something in the http\s logs, but I'll think I need some help on that:

2010:09:29-13:18:24 gw httpproxy[4924]: [0xaeef0698] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature: [c]
2010:09:29-13:18:24 gw httpproxy[4924]: [0xb1ac6ea8] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT code 0x00000721)
2010:09:29-13:18:26 gw httpproxy[4924]: [     (nil)] utf16le_to_utf8 (auth_adir.c:417) failed to convert username from UTF-16LE to UTF-8: Partial character sequence at end of input
2010:09:29-13:18:26 gw httpproxy[4924]: [0xaeca4988] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_PIPE_DISCONNECTED)
2010:09:29-13:18:26 gw httpproxy[4924]: [     (nil)] utf16le_to_utf8 (auth_adir.c:417) failed to convert username from UTF-16LE to UTF-8: Partial character sequence at end of input
2010:09:29-13:18:26 gw httpproxy[4924]: [0xb20bc438] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_PIPE_DISCONNECTED)
2010:09:29-13:18:26 gw httpproxy[4924]: [     (nil)] utf16le_to_utf8 (auth_adir.c:417) failed to convert username from UTF-16LE to UTF-8: Partial character sequence at end of input
2010:09:29-13:18:26 gw httpproxy[4924]: [0xafd0d9a8] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_PIPE_DISCONNECTED)
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 gente over 15 years ago

So i finally found something in the http\s logs, but I'll think I need some help on that:

2010:09:29-13:18:24 gw httpproxy[4924]: [0xaeef0698] adir_auth_process_ntlm (auth_adir.c:567) received ntlmpkt with invalid signature: [c]
2010:09:29-13:18:24 gw httpproxy[4924]: [0xb1ac6ea8] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT code 0x00000721)
2010:09:29-13:18:26 gw httpproxy[4924]: [     (nil)] utf16le_to_utf8 (auth_adir.c:417) failed to convert username from UTF-16LE to UTF-8: Partial character sequence at end of input
2010:09:29-13:18:26 gw httpproxy[4924]: [0xaeca4988] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_PIPE_DISCONNECTED)
2010:09:29-13:18:26 gw httpproxy[4924]: [     (nil)] utf16le_to_utf8 (auth_adir.c:417) failed to convert username from UTF-16LE to UTF-8: Partial character sequence at end of input
2010:09:29-13:18:26 gw httpproxy[4924]: [0xb20bc438] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_PIPE_DISCONNECTED)
2010:09:29-13:18:26 gw httpproxy[4924]: [     (nil)] utf16le_to_utf8 (auth_adir.c:417) failed to convert username from UTF-16LE to UTF-8: Partial character sequence at end of input
2010:09:29-13:18:26 gw httpproxy[4924]: [0xafd0d9a8] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_PIPE_DISCONNECTED)
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data