7 Replies Latest reply on Jun 9, 2011 10:59 AM by antonov

    Problem w/User authentication

      I am trying to get a new Web Gateway 7.0 deployed but I am having problems with some user accounts failing to authenticate.  The accounts are all a member of the  domain users group.  It is set to use NTLM as the authentication method.  Anyone have any ideas?

        • 1. Re: Problem w/User authentication
          michael_schneider

          Hello,

           

          what is happening in detail? Are your users getting popups? Are these Mac or Linux users? Is this for specific applications?

           

          thanks,

          Michael

          • 2. Re: Problem w/User authentication

            It is all windows based.  It is not in production yet, still testing.  I went to deploy it to a test group of active users and some of them get a username/password popup.  I tested those user accounts on the webgateway authentication screen and they fail authentication.   Policy tab -> Authenticate with User Database -> On the right side, right click Authenticate with User Database and select Edit Settings: User Database(Authentication).  Under Authentication Test I have tested these users and they fail.

             

            All users are the Domain Users group, some work and some do not.

            • 3. Re: Problem w/User authentication
              michael_schneider

              So that I get this right.....

              You want ot do NTLM with a directory. For your test, you are using the local user db to generally see if auth is working and how it is working. Your users are comming from domain member systems and you use NTLM?

               

              In case this is true, than we do have a problem

               

              The browser will do NTLM with the gateway, which will fail as the domain credentials don't map the ones on the gateway, thus not authentication is possible. For a realistic rest, you should join MWG to the domain and use NTLM as auth method, this will make sure that the users can be authentication against the domain.

               

              Join the Domain under Configuration > Domain Membership

               

              Then configure (or change) a rule to use NTLM rather than the user db.

               

              retry.

               

              best,

              Michael

              • 4. Re: Problem w/User authentication

                The webgateway is already joined to the domain, and some user accounts work.  What I can't figure out is why some accounts do not, when they are all members of the same groups etc..

                • 5. Re: Problem w/User authentication
                  Jon Scholten

                  Could it be that you have 'Log on to...' settings in AD for those users? (users are only allowed to logon from certain computers)

                   

                  ~Jon

                  • 6. Re: Problem w/User authentication

                    That was it.  I added a DNS entry for the WebGateway and added it to allow them to log on to and it worked.  Thanks!

                     

                     

                    Message was edited by: Pete Adams on 9/23/10 4:06:54 PM CDT
                    • 7. Re: Problem w/User authentication
                      antonov

                      Hi there,

                       

                      we have made the same experience on MWG 7.1.0.2.0 (Build 10666) ant NTLM. In our enviroment there are very strict regulations for logging on to. Now I have the problem that I will have to authorise about 8000 Users manually. Otherwise they will not be able to use MWG 7 for internet access.

                      Now my question:

                      Are there any other possibilities to authenticate users via NTLM without changing the logon-restrictions in our AD? Does it help to use the NTLM-Agent?

                       

                      btw. Does anyone know how the authentication process on MWG 7 vie ntlm works?

                       

                      Thank you and best regards

                      Toni