I have set up a new MWG 7 Appliance and want to connect to the ntlm-agent.
How do I set up authenticaton with it?
I've tried the following:
At Policy / Settings / Authentication / User Database I selected NTLM-Agent, Use secure Agent connection and agent definition the IP-Address (f.e. 10.1.3.1).
But the MWG don't even try to connect to the ntlm-agent. I think there is something wrong with the agent definition...
Has anyone a working configuration with ntlm-agent?
Update: Same problem with Radius and LDAP. I see no traffic @ my firewall. This is not only a ntlm-problem.
Can anyone post a sample config?
Hallo Herr Oberschelp,
could I ask you to try something and forgive me if it sounds to basic, but can you actually ping the name/IP of the LDAP and telnet to port 389 from the appliance? I just tested it here in the lab in just works fine!
Some sample screenshots:
ping works. I haven' tested telnet with port 389 yet.
I've made a new ldap-configuration with your screenshots, with the same result. I see no authentication requests at our firewall. The MWG didn't even try to connect to the ldap / ntlm server. I only see the ping request.
Strange! Have you tried the Authentication test? I assume yes, but am just asking to make sure.
I suggest opening a ticket with / calling into support, as it sounds some deeper troubleshooting is required then.
I've opened a ticket and the issue seems to be solved. Authentication via ntlm is working.
One question remains: In MWG 6.8 we used the ntlm-authentication too and the user don't need to authenticate manually. Is it possible to authenticate the user automatically in MWG 7? What would be a test configuration for this?
the ntlm-authentication is now working fine. The problem was, that the ntlm-agent was on my client-pc. But there is a compatibility problem when the browsing client is also the ntlm-agent. After installing the agent @ an other computer, everything worked fine.
But: Sometimes the group attributes were not read completely. Example: Test authentication shows only the group attributes "Dom"; but it should be "Domänen-Benutzer;CTX-User;...". This behaviour is not every time. Now the group attributes were read completely, but the past 30 minutes I've had this problem...
Has anyone experiences with this?