cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
MOberschelp
Level 7
Report Inappropriate Content
Message 1 of 21
‎08-31-2010 07:31 AM

Problem with MWG 7 and NTLM-Agent

I have set up a new MWG 7 Appliance and want to connect to the ntlm-agent.

How do I set up authenticaton with it?

I've tried the following:

At Policy / Settings / Authentication / User Database I selected NTLM-Agent, Use secure Agent connection and agent definition the IP-Address (f.e. 10.1.3.1).

But the MWG don't even try to connect to the ntlm-agent. I think there is something wrong with the agent definition...

Has anyone a working configuration with ntlm-agent?

Regards,

Maik Oberschelp

0 Kudos
Reply
20 Replies
MOberschelp
Level 7
Report Inappropriate Content
Message 2 of 21
‎09-02-2010 06:48 AM

Re: Problem with MWG 7 and NTLM-Agent

Update: Same problem with Radius and LDAP. I see no traffic @ my firewall. This is not only a ntlm-problem.

Can anyone post a sample config?

Regards,

Maik Oberschelp

0 Kudos
Reply
MSchneider
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 21
‎09-02-2010 10:23 AM

Re: Problem with MWG 7 and NTLM-Agent

Hallo Herr Oberschelp,

could I ask you to try something and forgive me if it sounds to basic, but can you actually ping the name/IP of the LDAP and telnet to port 389 from the appliance? I just tested it here in the lab in just works fine!

Some sample screenshots:

ldap1.jpg

ldap2.jpg

Ldap3.jpg

best,

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
0 Kudos
Reply
MOberschelp
Level 7
Report Inappropriate Content
Message 4 of 21
‎09-02-2010 11:52 PM

Re: Problem with MWG 7 and NTLM-Agent

Hello Michael,

ping works. I haven' tested telnet with port 389 yet.

I've made a new ldap-configuration with your screenshots, with the same result. I see no authentication requests at our firewall. The MWG didn't even try to connect to the ldap / ntlm server. I only see the ping request.

Regards,

Maik

0 Kudos
Reply
MSchneider
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 21
‎09-03-2010 12:07 AM

Re: Problem with MWG 7 and NTLM-Agent

Strange! Have you tried the Authentication test? I assume yes, but am just asking to make sure.

thanks,

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
0 Kudos
Reply
MOberschelp
Level 7
Report Inappropriate Content
Message 6 of 21
‎09-03-2010 12:12 AM

Re: Problem with MWG 7 and NTLM-Agent

Yes, always tried with authentication test. Only the local user-database works correct.

Regards,

Maik

0 Kudos
Reply
MSchneider
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 21
‎09-03-2010 12:48 AM

Re: Problem with MWG 7 and NTLM-Agent

Hello Maik,

I suggest opening a ticket with / calling into support, as it sounds some deeper troubleshooting is required then.

best,

Michael

Michael Schneider
Senior Manager of PM
for Web Protection and UCE
(•‿•)
0 Kudos
Reply
MOberschelp
Level 7
Report Inappropriate Content
Message 8 of 21
‎09-28-2010 05:49 AM

Re: Problem with MWG 7 and NTLM-Agent

Hello!

I've opened a ticket and the issue seems to be solved. Authentication via ntlm is working.

One question remains: In MWG 6.8 we used the ntlm-authentication too and the user don't need to authenticate manually. Is it possible to authenticate the user automatically in MWG 7? What would be a test configuration for this?

Regards,

Maik

0 Kudos
Reply
MOberschelp
Level 7
Report Inappropriate Content
Message 9 of 21
‎10-26-2010 02:46 AM

Re: Problem with MWG 7 and NTLM-Agent

Hi again!

the ntlm-authentication is now working fine. The problem was, that the ntlm-agent was on my client-pc. But there is a compatibility problem when the browsing client is also the ntlm-agent. After installing the agent @ an other computer, everything worked fine.

But: Sometimes the group attributes were not read completely. Example: Test authentication shows only the group attributes "Dom"; but it should be "Domänen-Benutzer;CTX-User;...". This behaviour is not every time. Now the group attributes were read completely, but the past 30 minutes I've had this problem...

Has anyone experiences with this?

Regards,

Maik

Reply
carsten424
Level 7
Report Inappropriate Content
Message 10 of 21
‎10-20-2011 01:38 AM

Re: Problem with MWG 7 and NTLM-Agent

Hi,

we have exactly the same issue, that only partial group memberships  are returned sometimes. Did you find a solution?

Regards,

   Carsten

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC