
MWG 7.0 problems proxy-auth with ldap

I'm trying to configure MWG 7.0 for proxy authentication with ldap. The ldap-configuration is running under MWG 6.8 without any problems. I have configured the authentication server settings like in the web gateway 6.8. But if I test the user authentication with the "Authentication Test" I get the following error:

Authentication:
Error: Authentication failed

If I test the ldap-connection with ldapsearch from another pc in the same network all is working fine.

How can I debug the authentication process? I can't find any error-log. Can I test the ldap from console (can't find any ldap-tools on console)?

Regards

Janine

4 Replies

Re: MWG 7.0 problems proxy-auth with ldap

Hi Janine,

I've had a similar problem with ntlm-agent authentication.

Is this a test-system or the main proxy? If it is a test system I would do this:

First of all take a look at the network traffic using the packet tracing tool and start a tcpdump (troubleshooting).

If you see the ldap requests and replies from the ldap server I would do the following:

@ Policy => Settings => Authentication. Add a new authentication setting, try the configuration again and test it with "Authentication Test". This worked for my ntlm-agent problem.

Perhaps you can post your sample configuration for ldap.

Regards,

Maik

Re: MWG 7.0 problems proxy-auth with ldap

Hi Maik,

At the moment it is only a test installation (MWG vmware-appliance) with the ldap-configuration of our customer. In the tcpdump I can see that the communication between the webgateway and the ldap server is working. But the Authentication Test with the user shows:

LDAPMessage bindRequest(1) "test" simple
LDAPMessage bindResponse(1) invalidDNSyntax (invalid DN)

The dn to the user objects is the same as in web gateway 6.8.
In the ldap configuration the user-dn is "cn=test,ou=fwusers,dc=domain,dc=de". In Web Gateway I configured the base distinguished name to "ou=fwusers,dc=domain,dc=de" (same as in mwg 6.8).

In the tcpdump I can see that the login works for the ldap-user that is running the query:

LDAPMessage bindRequest(1) "cn=Webwasher,dc=domain,dc=de" simple
LDAPMessage bindResponse(1) success

I have created a new authentication method but the problem persists. The reinstallation of the web gateway was not successful.

What can I do to make it work?

Best regards,
Janine

asabban
McAfee Employee

Re: MWG 7.0 problems proxy-auth with ldap

Hello,

can you verify if "Map user name to DN" is checked?

best,

Andre

Re: MWG 7.0 problems proxy-auth with ldap

Hello Andre,

thanks for the tip. I have checked "Map user name to DN" but I have configured the wrong attribute (samaccountname=%u). After setting the right attribute "(cn=%u)" I get "Authentication OK".

Best regards,

Janine
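
The search-then-bind flow behind the resolution above, as an added example that is not part of the original posts and is not McAfee code. It assumes the gateway binds as the query user, searches the base DN with the filter template, then binds as the DN it found; the in-memory directory, passwords, function names and result names such as `noUniqueEntry` are constructed for illustration.

```python
import re

# Constructed sample directory (DN -> attributes); passwords are placeholders.
DIRECTORY = {
    "cn=Webwasher,dc=domain,dc=de": {"cn": "Webwasher", "userPassword": "svc-pw"},
    "cn=test,ou=fwusers,dc=domain,dc=de": {"cn": "test", "userPassword": "user-pw"},
}
SERVICE_DN, SERVICE_PW = "cn=Webwasher,dc=domain,dc=de", "svc-pw"
BASE_DN = "ou=fwusers,dc=domain,dc=de"
DN_SHAPE = re.compile(r"[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*")

def escape_filter_value(value):
    """RFC 4515 escaping, so the typed user name cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def simple_bind(dn, password):
    """Toy simple bind returning an LDAP-style result name."""
    if not DN_SHAPE.fullmatch(dn):
        return "invalidDNSyntax"
    entry = DIRECTORY.get(dn)
    if entry is None or entry["userPassword"] != password:
        return "invalidCredentials"
    return "success"

def search(base, ldap_filter):
    """Toy search: one (attr=value) equality filter, subtree under base."""
    m = re.fullmatch(r"\(([\w-]+)=(.*)\)", ldap_filter)
    if not m:
        return []
    attr = m.group(1).lower()
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + base.lower())
            and any(k.lower() == attr and v == value for k, v in attrs.items())]

def authenticate(user, password, filter_template, map_to_dn=True):
    """Return the result of the user's bind, or why no bind was attempted."""
    if not map_to_dn:
        return simple_bind(user, password)  # bare name sent as the bind DN
    if simple_bind(SERVICE_DN, SERVICE_PW) != "success":
        return "serviceBindFailed"
    hits = search(BASE_DN, filter_template.replace("%u", escape_filter_value(user)))
    if len(hits) != 1:
        return "noUniqueEntry"
    return simple_bind(hits[0], password)

if __name__ == "__main__":
    print(authenticate("test", "user-pw", "(cn=%u)", map_to_dn=False))
    print(authenticate("test", "user-pw", "(samaccountname=%u)"))
    print(authenticate("test", "user-pw", "(cn=%u)"))
```

The three calls correspond to the three states in the thread: the bare name sent as the bind DN, mapping enabled with an attribute the entries do not carry, and mapping with `(cn=%u)`.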
