Author Topic: HTTP Proxy not authenticating  (Read 5678 times)

christian

  • Guest
Re: HTTP Proxy not authenticating
« Reply #15 on: August 28, 2012, 09:39:35 am »
cache issue client side...  ;)

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #16 on: August 29, 2012, 02:52:43 pm »
I am about ready to give up zentyal for another distribution because of all the problem with the proxy setup. I am testing a few computers manually configured to go though the proxy server. Some work exactly as they should while others have no internet access at all while they are configured to use the proxy server. I have configured it to use basic and ntlm authentication. On the computers that do have internet access ntlm is working because they are not prompted for a username or password and the sites that should be blocked are blocked. Yet when using firefox they are prompted for a username and password for basic authentication and the user credentials they use will not allow them to login. Has anyone experienced anything like this?

stuartiannaylor

  • Guest
Re: HTTP Proxy not authenticating
« Reply #17 on: August 29, 2012, 03:08:44 pm »
Hi,

Yeah had the same with firefox. From memory you have to enable advanced option settings.
I agree that the proxy is a bit problematic but its more a history of M$ & ntlm.

https://sivel.net/2007/05/firefox-ntlm-sso/
Is just a quick google.

Don't give up as I use a couple of other distro's and you will find similar.
Ubuntu & Zentyal are as close to cutting edge as you will prob get.

Also 3.0 RC1 is out and to be honest that is the way to go.

NTLM isn't secure anymore as there are exploits. Kerberos is the way to go and is all singing and dancing in the new version.

The proxy seems much better in 3.0 I have been away from the community for a while but did notice group/user time restrictions all new goodies in the proxy.

http://www.zentyal.org/beta/

I suggest running it on virtual box or other and have a look before you decide to go elsewhere.
If you need any help please post.

Stuart

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #18 on: August 29, 2012, 03:15:03 pm »
Thanks for the quick reply, but what really gets me is why do some computers have no internet access at all while other work exactly as they should. I have rebooted the computers and ran ipconfig /flushdns to chear their dns cache from all the testing I've been doing, and even rebooted the firewall. I just don't get why some work and some don't.

christian

  • Guest
Re: HTTP Proxy not authenticating
« Reply #19 on: August 29, 2012, 03:17:45 pm »
So far, it's a bit difficult, at least to me, to understand what you did and where.
e.g., at least using Zentyal GUI, I don't see where you can chose between basic and NTLM and enable it. Do you mean you tweaked squid conf  ???
I also don't understand whenever you tried to enable ntlm at Firefox level.
Last but not least, what do you mean with
Quote
the user credentials they use will not allow them to login
any error message ?

Did you look at some log?

stuartiannaylor

  • Guest
Re: HTTP Proxy not authenticating
« Reply #20 on: August 29, 2012, 03:23:49 pm »
I am having a read through your posts and a bit of googling. Why some don't and some do is a hard one to explain. Almost as bad as intermittent faults that always fill me with dread when they arrive.

Is it a dns fault where you can ping the ip but not the FQDN.

Also are clients all the same? win version / os ?

I know clutching at straws  :-[

have a go at pinging some ip and have a look at the network settings maybe some where dns / default gateway ...

I would go back to basics and turn off the proxy.

Check all the clients.

Proxy on, no filters transparent.

Check all the clients.

Bring in your filters.

Check all the clients.

Will have a closer look at your post. If you find any oddities please post away.

If you need to chill that RC1 of 3.0 is ready for a virtual machine test :)

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #21 on: August 29, 2012, 03:29:04 pm »
I found this to setup NTLM in the squid conf.
http://trac.zentyal.org/wiki/Documentation/Community/HowTo/ProxyWithNTLM

I configured IE in the connections tab to manually point it to the proxy server and left firefox to use system setting which should use what IE uses. At the loign box it gives for firefox I put in the user credentials they use to login to the computer with. All that happens is the login prompt goes away and comes right back up like it won't accept the credentials. It gives no error message.


ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #22 on: August 29, 2012, 03:34:45 pm »
@stuartiannaylor

I can ping everything by ip and by FQDN so I know my dns shouldn't be an issue. All clients are using DHCP from the firewall. I have mixed windows xp/7/server 2003. On the server with proxy enabled I have no internet access at all. On two windows 7 pcs the proxy works, but on another windows 7 pc it also doesn't have internet access. Same for XP. One works as it should while the other has not internet access. Mind you that when I remove the proxy setting on all computers they all have internet access and all can resolve ip and FQDN.

stuartiannaylor

  • Guest
Re: HTTP Proxy not authenticating
« Reply #23 on: August 29, 2012, 03:34:58 pm »
I would knock out the wpad stuff aswell. wpad and pac is just for auto proxy settings.

Do it the old fashioned way on a couple of clients and enter the proxy details.

Do I understand you are trying to authenticate to an internal hosted site on zentyal through apache?

As add the apache logs for that site onto the thread.

Also do you have dns module enabled?

I noticed one time with virtual hosts that I had to manually place the IP in the automatically created dns entry.
Damn my memory but when blank I think it was the assumption local host and I found that didn't work.

Also if you are like me its not anything to do with the virtual host where actually say www. is throwing you back to the default domain?

christian

  • Guest
Re: HTTP Proxy not authenticating
« Reply #24 on: August 29, 2012, 03:40:36 pm »
Clearer for what concerns NTLM proxy side. You should have started with this info  ;) for remote people not aware of what you did. It might help for debugging purpose  8)
Regarding authentication "error" (at least in term of expected behaviour, I would suggest that you look at logs (squid and syslog) and search for any entry matching account.

Just curious: is this behaviour linked to specific account or to specific workstation  ???

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #25 on: August 29, 2012, 03:41:03 pm »
@stuartiannaylor

I have removed all webserver functionality and wpad configurations to eliminate any issues I may be having with that. Sorry I forgot to post that. I was trying to eliminate anything that could be affecting the proxy.

stuartiannaylor

  • Guest
Re: HTTP Proxy not authenticating
« Reply #26 on: August 29, 2012, 03:43:46 pm »
It would sound like the proxy isn't working maybe and some of the clients are not set right and not using the proxy.

When the proxy is off what route is the IP traffic taking to get access?

You haven't got a problem like two conflicting dhcp servers have ?

To be honest flummoxed, someone will help.

Keep posting and someone will help.

If you get the right details to christian he will have you sorted in a milli second.

I get the feeling there is more going on than remotely I am aware of.

Sorry for sounding condescending but go back to basics and build things up slowly.

Then at the point of loss forward us details

Apols Stuart

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #27 on: August 29, 2012, 03:47:25 pm »
Regarding authentication "error" (at least in term of expected behaviour, I would suggest that you look at logs (squid and syslog) and search for any entry matching account.

Just curious: is this behaviour linked to specific account or to specific workstation  ???

Can you tell me the exact location of the squid logs? No it is effecting any account. For instance on my mac it is not part of the domain so it prompts me for basic authentication and i can use any number of domain login accounts that were synced via ldap and it just keeps re-prompting a login.

ccarpenter

  • Zen Monk
  • **
  • Posts: 60
  • Karma: +0/-0
    • View Profile
Re: HTTP Proxy not authenticating
« Reply #28 on: August 29, 2012, 03:50:02 pm »
When the proxy is off what route is the IP traffic taking to get access?

What do you mean by this? The default gateway for the DHCP pool is to use the zentyal firewall.

stuartiannaylor

  • Guest
Re: HTTP Proxy not authenticating
« Reply #29 on: August 29, 2012, 03:50:12 pm »
:) /var/logs all in there.

Always good to throw in the zentyal log and module specific log.

I usually use winscp as a freebie goodie to do it remotely.

What do you mean by this? The default gateway for the DHCP pool is to use the zentyal firewall.

Sorry I got confused but I thought you said you couldn't get any access from the proxy machine?
In fact a little confused to be honest :)

Stay with it :) post some logs and check the basics and build without the proxy and all.

Might be a while as I have an invite for pub lunch and a beer.
« Last Edit: August 29, 2012, 03:54:42 pm by stuartiannaylor »