4 Replies Latest reply on Nov 10, 2010 7:44 AM by sec-wartung

    MWG 7.0 problems proxy-auth with ldap

    sec-wartung

      I'm trying to configure MWG 7.0 for proxy authentication with LDAP. The LDAP configuration is running under MWG 6.8 without any problems. I have configured the authentication server settings as in Web Gateway 6.8. But if I test the user authentication with the "Authentication Test", I get the following error:

      Authentication:
      Error: Authentication failed

      If I test the LDAP connection with ldapsearch from another PC in the same network, everything works fine.

      How can I debug the authentication process? I can't find any error log. Can I test LDAP from the console (I can't find any LDAP tools on the console)?

       

      Regards

       

      Janine

        • 1. Re: MWG 7.0 problems proxy-auth with ldap

          Hi Janine,

           

          I've had a similar problem with ntlm-agent authentication.

          Is this a test-system or the main proxy? If it is a test system I would do this:

           

          First of all take a look at the network traffic using the packet tracing tool and start a tcpdump (troubleshooting).

          If you see the ldap requests and replies from the ldap server I would do the following:

          @ Policy => Settings => Authentication. Add a new authentication setting, try the configuration again and test it with "Authentication Test". This worked for my ntlm-agent problem.

           

          Perhaps you can post your sample configuration for ldap.

           

          Regards,

          Maik

          • 2. Re: MWG 7.0 problems proxy-auth with ldap
            sec-wartung

            Hi Maik,

             

            at the moment it is only a test installation (MWG vmware-appliance) with the ldap-configuration of our customer. In the tcpdump I can see that the communication between the webgateway and the ldap server is working. But the Authentication Test with the user shows:

             

            LDAPMessage bindRequest(1) "test" simple
            LDAPMessage bindResponse(1) invalidDNSyntax (invalid DN)

             

            The DN of the user objects is the same as in Web Gateway 6.8.
            In the LDAP configuration the user DN is "cn=test,ou=fwusers,dc=domain,dc=de". In Web Gateway I configured the base distinguished name as "ou=fwusers,dc=domain,dc=de" (the same as in MWG 6.8).

            In the tcpdump I can see that the login works for the LDAP user that is running the query:

             

            LDAPMessage bindRequest(1) "cn=Webwasher,dc=domain,dc=de" simple
            LDAPMessage bindResponse(1) success

             

            I have created a new authentication method but the problem persists. The reinstallation of the web gateway was not successful.

             

            What can I do to make it work?

             

            Best regards,
            Janine

            • 3. Re: MWG 7.0 problems proxy-auth with ldap
              asabban

              Hello,

               

              can you verify if "Map user name to DN" is checked?

               

              best,

              Andre

              1 of 1 people found this helpful
              • 4. Re: MWG 7.0 problems proxy-auth with ldap
                sec-wartung

                Hello Andre,

                 

                thanks for the tip. I have checked "Map user name to DN" but I have configured the wrong attribute (samaccountname=%u). After setting the right attribute "(cn=%u)" I get "Authentication OK".

                 

                Best regards,

                Janine
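
The search-then-bind flow behind "Map user name to DN", as an added example that is not part of the original thread and not McAfee Web Gateway code. It models the three outcomes seen above against a constructed in-memory directory; the passwords, the second entry, the `noSuchUser` label and the assumption that entries carry `cn` but no `samaccountname` attribute are all hypothetical, and the service-account bind shown in the tcpdump is left out.

```python
import hmac
import re

BASE_DN = "ou=fwusers,dc=domain,dc=de"   # base DN quoted in the thread
# Constructed directory (DN -> attributes, password); not real data.
DIRECTORY = {
    "cn=test,ou=fwusers,dc=domain,dc=de": ({"cn": "test"}, "secret"),
    "cn=other,ou=fwusers,dc=domain,dc=de": ({"cn": "other"}, "hunter2"),
}
# Simplified DN shape check (attr=value[,attr=value...]); real servers parse RFC 4514.
DN_RE = re.compile(r"[A-Za-z][\w-]*=[^,=]+(,[A-Za-z][\w-]*=[^,=]+)*")

def escape_filter_value(value):
    """RFC 4515: hex-escape characters that have meaning inside a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand_filter(template, username):
    """Substitute the escaped login name for %u, e.g. (cn=%u) -> (cn=test)."""
    return template.replace("%u", escape_filter_value(username))

def search(base_dn, ldap_filter):
    """Toy matcher for a single equality filter (attr=value) under base_dn."""
    m = re.fullmatch(r"\(([\w-]+)=(.*)\)", ldap_filter)
    if not m:
        return []
    attr, wanted = m.group(1).lower(), unescape_filter_value(m.group(2))
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if dn.endswith("," + base_dn) and attrs.get(attr) == wanted]

def simple_bind(name, password):
    """Return the LDAP result name a server would send for a simple bind."""
    if not DN_RE.fullmatch(name):
        return "invalidDNSyntax"          # what the bare name "test" produced
    entry = DIRECTORY.get(name.lower())
    ok = entry is not None and hmac.compare_digest(entry[1].encode(), password.encode())
    return "success" if ok else "invalidCredentials"

def authenticate(username, password, filter_template=None):
    """filter_template=None models 'Map user name to DN' being unchecked."""
    if filter_template is None:
        return simple_bind(username, password)
    matches = search(BASE_DN, expand_filter(filter_template, username))
    if len(matches) != 1:
        return "noSuchUser"               # hypothetical gateway-side label
    return simple_bind(matches[0], password)
```

Without a mapping the login name goes out as the bind name and the server rejects it before checking any password; with a filter that matches no entry the flow stops at the search, so no user bind appears in a trace at all.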