MOberschelp
Level 7

Problem with MWG 7 and NTLM-Agent

I have set up a new MWG 7 Appliance and want to connect to the ntlm-agent.

How do I set up authentication with it?

I've tried the following:

At Policy / Settings / Authentication / User Database I selected NTLM-Agent, Use secure Agent connection, and as agent definition the IP address (e.g. 10.1.3.1).

But the MWG doesn't even try to connect to the ntlm-agent. I think there is something wrong with the agent definition...

Has anyone a working configuration with ntlm-agent?

Regards,

Maik Oberschelp

20 Replies
MOberschelp
Level 7

Re: Problem with MWG 7 and NTLM-Agent

Update: Same problem with Radius and LDAP. I see no traffic at my firewall. This is not only an NTLM problem.

Can anyone post a sample config?

Regards,

Maik Oberschelp

McAfee Employee

Re: Problem with MWG 7 and NTLM-Agent

Hello Mr. Oberschelp,

could I ask you to try something, and forgive me if it sounds too basic, but can you actually ping the name/IP of the LDAP and telnet to port 389 from the appliance? I just tested it here in the lab, it just works fine!

Some sample screenshots:

ldap1.jpg

ldap2.jpg

Ldap3.jpg

best,

Michael

MOberschelp
Level 7

Re: Problem with MWG 7 and NTLM-Agent

Hello Michael,

ping works. I haven't tested telnet with port 389 yet.

I've made a new ldap-configuration with your screenshots, with the same result. I see no authentication requests at our firewall. The MWG didn't even try to connect to the ldap / ntlm server. I only see the ping request.

Regards,

Maik

McAfee Employee

Re: Problem with MWG 7 and NTLM-Agent

Strange! Have you tried the Authentication test? I assume yes, but am just asking to make sure.

thanks,

Michael

MOberschelp
Level 7

Re: Problem with MWG 7 and NTLM-Agent

Yes, always tried with authentication test. Only the local user-database works correctly.

Regards,

Maik

McAfee Employee

Re: Problem with MWG 7 and NTLM-Agent

Hello Maik,

I suggest opening a ticket with / calling into support, as it sounds like some deeper troubleshooting is required then.

best,

Michael

MOberschelp
Level 7

Re: Problem with MWG 7 and NTLM-Agent

Hello!

I've opened a ticket and the issue seems to be solved. Authentication via ntlm is working.

One question remains: In MWG 6.8 we used the ntlm-authentication too and the user doesn't need to authenticate manually. Is it possible to authenticate the user automatically in MWG 7? What would be a test configuration for this?

Regards,

Maik

MOberschelp
Level 7

Re: Problem with MWG 7 and NTLM-Agent

Hi again!

the ntlm-authentication is now working fine. The problem was that the ntlm-agent was on my client-pc. But there is a compatibility problem when the browsing client is also the ntlm-agent. After installing the agent on another computer, everything worked fine.

But: Sometimes the group attributes were not read completely. Example: Test authentication shows only the group attributes "Dom"; but it should be "Domänen-Benutzer;CTX-User;...". This behaviour does not occur every time. Now the group attributes were read completely, but for the past 30 minutes I've had this problem...

Does anyone have experience with this?

Regards,

Maik

carsten424
Level 7

Re: Problem with MWG 7 and NTLM-Agent

Hi,

we have exactly the same issue, that only partial group memberships are returned sometimes. Did you find a solution?

Regards,

Carsten
