SOCKS with both AD and IP authentication

I'm currently developing a new rule set to allow us to move away from Dante SOCKS to McAfee SOCKS so we can make better use of the MWG rule engine and start supporting AD authentication as we currently rely on IP authentication.

Going forward I want a hybrid environment with the rules I've ported relying on IP authentication and new rules relying on AD group membership as much as possible.

I've been able to create the initial rule set and tested it without issues; however, the problem I've now got after porting all the rules is that some of the subnets in the IP-based rules overlap with the subnets I'm connecting from for the AD-based rules. For example:

  • Steve is allowed to connect to based on AD group membership
  • is allowed to connect to based on IP range
  • Steve's current IP is

I now have the problem of how I handle authentication: if I put my IP authentication rules first, Steve will be able to access, but not, and if I put the AD authentication first, no one can connect to, nor will any other rule that utilises IP authentication work, but the AD rules work.

I'm using the default NTLM Authentication rules (If Authentication.Authenticate<engine> equals false - Authenticate<Default>). Is there a way of essentially doing a soft fail, so I can initially attempt to authenticate the client based on NTLM and then, if there are no AD credentials set, fall back to an IP address whitelist?
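A small model of the three rule orderings described above (IP rules first, authentication first, and the soft-fail fallback the poster is asking for), added here as an illustration; it is not McAfee Web Gateway code or anything from this thread, and the destinations, subnets, user and group names are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample policy; names, subnets and groups are placeholders.
@dataclass(frozen=True)
class Rule:
    destination: str
    ad_groups: frozenset = frozenset()   # allow if the user is in one of these AD groups
    subnets: tuple = ()                  # allow if the client address is in one of these

RULES = [
    Rule("app.example", ad_groups=frozenset({"app-users"})),                   # AD-based rule
    Rule("printer.example", subnets=(ipaddress.ip_network("10.1.0.0/16"),)),   # IP-based rule
]
DIRECTORY = {"steve": frozenset({"app-users"})}   # constructed stand-in for an AD lookup

@dataclass(frozen=True)
class Request:
    destination: str
    source_ip: str
    user: Optional[str] = None   # None: the client sent no credentials at all

def decide(req: Request, strategy: str) -> bool:
    """Allow (True) or deny (False) under 'ip_first', 'ad_first' or 'soft_fail'."""
    src = ipaddress.ip_address(req.source_ip)
    groups = DIRECTORY.get(req.user, frozenset()) if req.user else None
    in_any_ip_rule = any(src in net for r in RULES for net in r.subnets)
    for rule in RULES:
        if rule.destination != req.destination:
            continue
        ip_ok = any(src in net for net in rule.subnets)
        ad_ok = groups is not None and bool(rule.ad_groups & groups)
        if strategy == "ip_first":
            # IP allow-list rules run first and end the cycle for every client whose
            # address they cover, so those clients never reach the AD-based rules.
            return ip_ok if in_any_ip_rule else ad_ok
        if strategy == "ad_first":
            # Hard authentication: a client that offers no credentials is rejected
            # before any IP-based rule is consulted.
            return False if groups is None else (ad_ok or ip_ok)
        # soft_fail: use credentials when they are offered, otherwise fall back
        # to the IP allow-list (ad_ok is already False when no credentials exist).
        return ad_ok or ip_ok
    return False   # no rule for this destination: default deny
```

Steve at 10.1.5.5 reaches only the IP-based destination under `ip_first`, nothing without credentials under `ad_first`, and both destinations under `soft_fail`.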

2 Replies
McAfee Employee

Re: SOCKS with both AD and IP authentication

Hi Dcarson!

I'm interested in the use case here. Who or what is using the SOCKS proxy? Is it actual users or are you using it for some random machines in the network?

I don't believe the SOCKS tunnel would allow for try auth (either you perform authentication or you don't). However, if you're using a browser and the traffic in the SOCKS tunnel is HTTP, then it might work.

I posted a ruleset here which acts as a base SOCKS proxy ruleset.

This ruleset has authentication included (Basic or Kerberos; there is no NTLM in SOCKS).

If you've got an SR open, or opened one ever, I can look you up based on that and reach out directly (if you'd like to discuss specifics). Just post the SR #, no other contact info needed.

Best Regards,



Re: SOCKS with both AD and IP authentication

Hi Jon,

Thanks for that.

At present it's basic authentication, but in future we'll probably look to move to Kerberos.

I've just raised an SR - 4-16520979721; if you could give me a shout it would be much appreciated.

All the best
