This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Proxy asking for authentication credentials

I've got a WS1100 Appliance. My users are being proxied through with a proxy.pac file hosted on one of our servers. We use AD integration to authenticate our users.

My issue is that very randomly a user will call me saying they can't get to any websites. What they have is an authentication box for our WS1100. If they enter their credentials (which is what should be passed automatically) it refuses them 3 times until it gives a "Proxy Authentication Error" page. If I log in with my own credentials however, (which are obviously elevated compared to most of our users), it will let me through.

This happens very randomly, to different users with different access. Sometimes restarting their machine fixes the problem sometimes logging off and back on fixes it, and sometimes it won't go away without bypassing the proxy altogether. If

It seems to be a windows problem, as if Windows isn't letting them authenticate. If the ygo to another machine they have no problem. Doesn't seem to be a Sophos problem but I thought maybe someone here has seen a similar issue.

This thread was automatically locked due to age.

Parents

0 TomA over 13 years ago

Hi,
This does sound quite unusual. I'm surprised that your credentials work, but the users does not. Is the user a member of a different domain to yourself?
Unless of course the user isn't actually being authenticated by the proxy, but is being asked for authentication for a different reason. For example, being required to authenticate in order to download the PAC file itself? If possible, I'd turn off the PAC file and setup explicit proxy settings for a few users to see if this helps. This would rule out any problems with the PAC file.
Also, make sure that DNS is setup correctly for your DCs and the A record of your domain. If there are some incorrect entries in DNS this could cause intermittent problems. This article might help:
http://www.sophos.com/support/knowledgebase/article/112044.html
Another suggestion could be to disable 'Authenticate All Requests' in 'Configuration | System | Active Directory'. This means that supported web browsers will only be authenticated every 5 minutes. Whilst this doesn't help us work out the root cause it could make it much less likely to happen.
Other than that, it may be best to call in to Sophos support. They will probably recommend to do a tcp capture / wireshark whilst the issue happens to confirm exactly what is going on.
Hope this helps,
Tom.
:22217
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 TomA over 13 years ago

Hi,
This does sound quite unusual. I'm surprised that your credentials work, but the users does not. Is the user a member of a different domain to yourself?
Unless of course the user isn't actually being authenticated by the proxy, but is being asked for authentication for a different reason. For example, being required to authenticate in order to download the PAC file itself? If possible, I'd turn off the PAC file and setup explicit proxy settings for a few users to see if this helps. This would rule out any problems with the PAC file.
Also, make sure that DNS is setup correctly for your DCs and the A record of your domain. If there are some incorrect entries in DNS this could cause intermittent problems. This article might help:
http://www.sophos.com/support/knowledgebase/article/112044.html
Another suggestion could be to disable 'Authenticate All Requests' in 'Configuration | System | Active Directory'. This means that supported web browsers will only be authenticated every 5 minutes. Whilst this doesn't help us work out the root cause it could make it much less likely to happen.
Other than that, it may be best to call in to Sophos support. They will probably recommend to do a tcp capture / wireshark whilst the issue happens to confirm exactly what is going on.
Hope this helps,
Tom.
:22217
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data