Hi,
lately we migrated our Active Directory from 2003 to 2008 R2 and moved our Microsoft CA from one Machine to another. Until this last step the Astaro Web Proxy with AD SSO authentication worked like a charm. Now we are experiencing some really strange phenomenons. Some users are still able to access the internet like before, others are prompted to type in their username and password (IE / Firefox) and the third party gets instantly an "authenticaton failed" box. Interesting: New created users are working 100%!
I rejoined the Astaro (V8.102) into the domain and tried several hints found in the forum, but nothing helped.
The HTTP-Log (sometimes) shows the following error:
2011:05:13-07:56:21 gateway-1 httpproxy[11036]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf53b00c0" function="auth_adir_getgroupsids_callback" file="auth_adir.c" line="789" message="winbindd request failed ()"
We use the http proxy in profile mode with lots of different profile-types, but as I mentioned, the whole thing worked very, very solid.
The "profile chain" for AD SSO is build like this:
Profile: AD SSO (User Authentication: AD SSO / Source Network A, B, C / Filter Assignment: AD User / Fallback: Block All)
Filter Assignment: AD User (User/Groups: www_proxy_user / Filter Action : Standard Filter)
Filter Actions: Standard Filter (...)
Note: the group "www_proxy_user" contains a special AD Group called "Internet User" (Group Type: Backend Membership / Backend: Active Directory). The authentication test found in "Users->Authentication->Servers->DC1" works with EVERY User and shows the correct group membership (www_proxy_user).
Thanks for your help!
This thread was automatically locked due to age.
