NTLM authentication

I have Astaro v8.103 configured with the proxy in transparent mode with authentication.
Until last Friday everything was working normally. Authentication was done with the Windows (XP) user login (NTLM).
But, at night, the authentication stopped working. I changed DNS (Astaro IP address with forwarding to 8.8.8.8 - Google DNS) for some hours. Before, DNS was AD. Today, I changed it to AD again.
Now, I need to put in the username and password every time in the browser.
Does anyone have any idea what might be happening?

Server - Windows 2008 Server
3 groups (master, users, guest)
NTP server sync on all workstations, AD server and Astaro.
Workstations
Windows XP
Browsers: Firefox 3.6 and 4 and IE 8

  • Scott and I do DNS a bit differently, but his way is a great choice, and I don't think that's the issue.

    In your case, transparent with authentication, I don't know if there's a problem with NTLM.  If you were using AD-SSO mode, then there occasionally are problems with NTLM.  To force the use of Kerberos, instead of using the numeric IP assigned to 'Internal (Address)' as the address of the Proxy, use an FQDN that resolves internally to that IP.  I know that you can propagate that via GPO to IE8; I think I remember others saying that also worked for Firefox.  Again, that's a prescription for AD-SSO.

    Is there anything in the 'User Authentication' log that gives a clue?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
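
Added example, not part of the original thread and not Astaro/Sophos code: after switching the proxy address to an FQDN as described above, one way to confirm whether a browser is really sending Kerberos or still falling back to NTLM is to classify the token in the authentication header it sends. The function name and the sample tokens are assumptions constructed for illustration; the header value is assumed to have been taken from a packet capture or browser debug log.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"                            # start of every NTLM message
# DER-encoded GSS-API mechanism OIDs
OID_SPNEGO = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")      # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")   # 1.2.840.48018.1.2.2
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}


def classify_auth_header(value: str) -> str:
    """Return 'ntlm:<message type>', 'kerberos' or 'unknown' for a header value
    such as 'Negotiate <base64>' or 'NTLM <base64>'."""
    parts = value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:                                  # malformed base64
        return "unknown"
    # NTLM may be sent raw or wrapped in SPNEGO; either way the signature is present.
    pos = token.find(NTLMSSP_SIG)
    if pos != -1:
        if len(token) < pos + 12:
            return "unknown"
        (msg_type,) = struct.unpack_from("<I", token, pos + 8)
        return "ntlm:" + NTLM_TYPES.get(msg_type, "unknown")
    # A GSS-API initial token starts with 0x60; without an NTLM payload,
    # a Kerberos OID means the client obtained and sent a service ticket.
    if token[:1] == b"\x60" and (OID_KRB5 in token or OID_MS_KRB5 in token):
        return "kerberos"
    return "unknown"


def _sample(body: bytes, scheme: str = "Negotiate") -> str:
    return scheme + " " + base64.b64encode(body).decode()


# Constructed samples (not captured traffic); the Kerberos one is a truncated prefix.
SAMPLE_NTLM = _sample(NTLMSSP_SIG + struct.pack("<II", 1, 0))
SAMPLE_NTLM_IN_SPNEGO = _sample(b"\xa1\x10" + NTLMSSP_SIG + struct.pack("<I", 3))
SAMPLE_KRB = _sample(b"\x60\x82\x05\x00" + OID_SPNEGO + b"\xa0\x82\x04\xf0" + OID_KRB5)

if __name__ == "__main__":
    for name in ("SAMPLE_NTLM", "SAMPLE_NTLM_IN_SPNEGO", "SAMPLE_KRB"):
        print(name, "->", classify_auth_header(globals()[name]))
```

A result of `ntlm:*` from a domain-joined client that is addressing the proxy by FQDN means Kerberos negotiation did not succeed and the browser fell back to NTLM.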