I am trying to get a new Web Gateway 7.0 deployed but I am having problems with some user accounts failing to authenticate. The accounts are all members of the Domain Users group. It is set to use NTLM as the authentication method. Anyone have any ideas?
What is happening in detail? Are your users getting popups? Are these Mac or Linux users? Is this for specific applications?
It is all Windows based. It is not in production yet, still testing. I went to deploy it to a test group of active users and some of them get a username/password popup. I tested those user accounts on the Web Gateway authentication screen and they fail authentication. Policy tab -> Authenticate with User Database -> On the right side, right click Authenticate with User Database and select Edit Settings: User Database(Authentication). Under Authentication Test I have tested these users and they fail.
All users are in the Domain Users group, some work and some do not.
So that I get this right.....
You want to do NTLM with a directory. For your test, you are using the local user db to generally see if auth is working and how it is working. Your users are coming from domain member systems and you use NTLM?
In case this is true, then we do have a problem.
The browser will do NTLM with the gateway, which will fail as the domain credentials don't map to the ones on the gateway, thus no authentication is possible. For a realistic test, you should join MWG to the domain and use NTLM as auth method; this will make sure that the users can be authenticated against the domain.
Join the Domain under Configuration > Domain Membership
Then configure (or change) a rule to use NTLM rather than the user db.
The Web Gateway is already joined to the domain, and some user accounts work. What I can't figure out is why some accounts do not, when they are all members of the same groups etc.
That was it. I added a DNS entry for the WebGateway and added it to allow them to log on to and it worked. Thanks!
Message was edited by: Pete Adams on 9/23/10 4:06:54 PM CDT
We have had the same experience on MWG 220.127.116.11.0 (Build 10666) and NTLM. In our environment there are very strict regulations for logging on to. Now I have the problem that I will have to authorise about 8000 users manually. Otherwise they will not be able to use MWG 7 for internet access.
Now my question:
Are there any other possibilities to authenticate users via NTLM without changing the logon-restrictions in our AD? Does it help to use the NTLM-Agent?
By the way, does anyone know how the authentication process on MWG 7 via NTLM works?
Thank you and best regards
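
Added example, not part of the original thread: a PowerShell audit for the scale question above, listing accounts whose "Log On To" list is set but does not include the gateway. `MWG01`, the function name and the sample records are constructed placeholders; the commented `Get-ADUser` call assumes the ActiveDirectory module is installed.

```powershell
# Audit only: reports accounts that a "Log On To" restriction would block
# when authentication arrives via the Web Gateway. Nothing is modified.
function Find-BlockedByLogonRestriction {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [string]   $GatewayName   # placeholder: gateway's computer name
    )
    foreach ($u in $Users) {
        # LogonWorkstations is a comma-separated list; empty means "all computers".
        if ([string]::IsNullOrWhiteSpace($u.LogonWorkstations)) { continue }

        $allowed = $u.LogonWorkstations -split ',' | ForEach-Object { $_.Trim() }

        # -notcontains is case-insensitive, matching how computer names are compared.
        if ($allowed -notcontains $GatewayName) {
            [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                AllowedOn      = $allowed -join ', '
                Reason         = "Restricted list does not include $GatewayName"
            }
        }
    }
}

# Constructed sample records standing in for directory output.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; LogonWorkstations = $null }          # unrestricted
    [pscustomobject]@{ SamAccountName = 'bob';   LogonWorkstations = 'PC-0142' }      # would fail
    [pscustomobject]@{ SamAccountName = 'carol'; LogonWorkstations = 'PC-0207,mwg01' } # already allowed
)

Find-BlockedByLogonRestriction -Users $sample -GatewayName 'MWG01' | Format-Table -AutoSize

# Against a live domain, replace $sample with the restricted accounts only:
#   Import-Module ActiveDirectory
#   $users = Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties LogonWorkstations
#   Find-BlockedByLogonRestriction -Users $users -GatewayName 'MWG01'
```

With the sample data only `bob` is reported; the resulting list is the set of accounts to review before any change to the logon restrictions is considered.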