SSO-AD, user account lock on Win2008/Win7

Hi,

We are using AWG 7.510 and have implemented SSO-AD authentication against our Win2003 AD domain. This works fine with WinXP and Win 2003 clients.

We are now deploying our first Windows 7 or Win 2008 clients, and we are facing a very weird problem:

On some websites, SSO authentication fails, locks the user account, and a popup is presented to the user (our password policy locks the account after 5 attempts).

I insist on the fact that the account is locked BEFORE the popup is presented and the user tries to log in.

In the logs I can see:

2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xae2d2ca0] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_WRONG_PASSWORD)
2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xa927bbf8] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_WRONG_PASSWORD)
2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xad82fe48] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_WRONG_PASSWORD)
2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xa6874f78] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_WRONG_PASSWORD)
2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xb1667b68] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_WRONG_PASSWORD)
2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xa4c80508] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_ACCOUNT_LOCKED_OUT)
2012:02:09-13:47:13 AWG01 httpproxy[4569]: [0xa78ac670] auth_adir_auth_crap_callback (auth_adir.c:875) Authorization denied (NT_STATUS_ACCOUNT_LOCKED_OUT)

The problem can be reproduced from any Win7 or Win2008 client, IE or Firefox (didn't test other browsers), by going to this page, for example:
https://www-304.ibm.com/support/docview.wss?uid=swg27017522

Before the page has completely loaded, the account will be locked and an auth pop-up will show.

Thanks for any help.


This thread was automatically locked due to age.
  • Hi!

    Yeah, it was my first post and I did not say 'Hello', sorry about that :)

    So, indeed I have the same crap_callback message in my web filtering logs. We use a .pac file provided by a web server in our domain (the URL is set in Internet Explorer) and finally it returns, the FQDN is well used in this file. This is part of the web filtering log:


    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4740b0" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_WRONG_PASSWORD)"

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="***" dstip="" user="user1" statuscode="407" cached="0" profile="REF_HttProDefault (Default)" filteraction=" ()" size="2370" request="0xe4740b0" url="rollit-live-europe-west1-a-2.icanhazwebsockets.com/" exceptions="" error=""

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfacde50" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_WRONG_PASSWORD)"

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="***" dstip="" user="user1" statuscode="407" cached="0" profile="REF_HttProDefault (Default)" filteraction=" ()" size="2370" request="0xfacde50" url="rollit-live-europe-west1-a-1.icanhazwebsockets.com/" exceptions="" error=""

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe526e50" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_WRONG_PASSWORD)"

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="***" dstip="" user="user1" statuscode="407" cached="0" profile="REF_HttProDefault (Default)" filteraction=" ()" size="2370" request="0xe526e50" url="rollit-live-europe-west1-b-2.icanhazwebsockets.com/" exceptions="" error=""

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xfa53e20" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_WRONG_PASSWORD)"

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="***" dstip="" user="user1" statuscode="407" cached="0" profile="REF_HttProDefault (Default)" filteraction=" ()" size="2370" request="0xfa53e20" url="rollit-live-us-central1-b-2.icanhazwebsockets.com/" exceptions="" error=""

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf383188" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_WRONG_PASSWORD)"

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="***" dstip="" user="user1" statuscode="407" cached="0" profile="REF_HttProDefault (Default)" filteraction=" ()" size="2370" request="0xf383188" url="rollit-live-europe-west1-b-1.icanhazwebsockets.com/" exceptions="" error=""

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf60ddd8" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_ACCOUNT_LOCKED_OUT)"

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="***" dstip="" user="user1" statuscode="407" cached="0" profile="REF_HttProDefault (Default)" filteraction=" ()" size="2370" request="0xf60ddd8" url="rollit-live-us-central1-a-2.icanhazwebsockets.com/" exceptions="" error=""

    2013:07:30-18:37:37 FW2N1FR-1 httpproxy[27510]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe474530" function="auth_adir_auth_crap_callback" file="auth_adir.c" line="866" message="Authorization denied (NT_STATUS_ACCOUNT_LOCKED_OUT)"


    If you have a suggestion... As I said, with my UTM 320, I have no problem opening the link that I posted below.

    Best,
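
A log triage sketch for the pattern in the excerpts above, added here as an example and not part of the original posts or of the product: it pairs each `auth_adir_auth_crap_callback` denial with the 407 line that shares its `request` id, then reports users who collected five or more `NT_STATUS_WRONG_PASSWORD` results within one second. It handles only the `key="value"` log format of the 2013 excerpt; the sample lines, host name, users and URLs are constructed.

```python
import re
from collections import defaultdict

KV = re.compile(r'(\w+)="([^"]*)"')
HEAD = re.compile(r'^(\S+) \S+ httpproxy\[\d+\]: (.*)$')
STATUS = re.compile(r'Authorization denied \((NT_STATUS_\w+)\)')

def parse(line):
    """Return the key="value" fields plus 'ts', or {} for a non-httpproxy line."""
    m = HEAD.match(line.strip())
    if not m:
        return {}
    return {**dict(KV.findall(m.group(2))), "ts": m.group(1)}

def lockout_bursts(lines, threshold=5):
    """Return (user, second) groups with >= threshold WRONG_PASSWORD denials."""
    pending = {}  # request id -> NT status taken from the denial line
    groups = defaultdict(lambda: {"wrong": 0, "locked": 0, "urls": []})
    for line in lines:
        rec = parse(line)
        status = STATUS.search(rec.get("message", ""))
        if status:
            pending[rec.get("request")] = status.group(1)
        elif rec.get("statuscode") == "407" and rec.get("request") in pending:
            # The 407 line carries the user and URL for the same request id.
            nt = pending.pop(rec["request"])
            g = groups[(rec.get("user", ""), rec["ts"])]
            if nt == "NT_STATUS_WRONG_PASSWORD":
                g["wrong"] += 1
            elif nt == "NT_STATUS_ACCOUNT_LOCKED_OUT":
                g["locked"] += 1
            g["urls"].append(rec.get("url", ""))
    return {k: v for k, v in groups.items() if v["wrong"] >= threshold}

def _sample(ts, req, user, url, nt):
    # Constructed denial + 407 line pair in the thread's key="value" format.
    head = f'{ts} fw-example httpproxy[1000]: sub="http" request="{req}" '
    return [head + f'message="Authorization denied ({nt})"',
            head + f'user="{user}" statuscode="407" url="{url}"']

# Constructed sample: seven parallel CONNECTs from one user in one second,
# plus a single unrelated failure from another user.
SAMPLE = []
for i in range(7):
    nt = "NT_STATUS_WRONG_PASSWORD" if i < 5 else "NT_STATUS_ACCOUNT_LOCKED_OUT"
    SAMPLE += _sample("2013:07:30-18:37:37", f"0x{i:x}", "user1", f"ws{i}.example.test/", nt)
SAMPLE += _sample("2013:07:30-18:40:00", "0xff", "user2", "a.example.test/", "NT_STATUS_WRONG_PASSWORD")

if __name__ == "__main__":
    print(lockout_bursts(SAMPLE))
```

The `urls` list in each reported group shows which destinations triggered the parallel authentication attempts, which is the detail needed to decide whether an authentication exception for those hosts is appropriate.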