Author Topic: NTLM Authentication for Http Proxy module (Windows AD slave) [SOLVED]  (Read 4451 times)

ziv lin

Dear all,

I want to set up NTLM authentication for the HTTP proxy module:
When users open IE, IE should not pop up an authentication window; the system should authenticate the AD account information in the background, and if the AD account is allowed, IE will access the Internet.
My system status is:
1. Zentyal: 2.2.3 ;
2. Users and Groups: 2.2.4 ;
3. Http Proxy: 2.2.1 ;
4. DC: Windows server 2008 R2
5. Client system : Windows 7 SP1
6. AD Account and Password sync: OK
7. IE proxy access Internet: OK
8. Firewall: any to any.

But I have a problem now:
When I configured NTLM authentication step by step
(http://trac.zentyal.org/wiki/Documentation/Community/HowTo/ProxyWithNTLM),
IE does not pop up the authentication window and it cannot access the Internet.

How can I fix that?

PS: I apologize for my English, I'm Chinese...
« Last Edit: December 09, 2011, 08:55:41 am by ziv lin »

teslakru

Please check in squid proxy...
maybe, pop up in command

ziv lin

 :-[
There is surely no pop-up; that is what I want.
My DC full name is RDPtest.test.com.
I edited the file /usr/share/zentyal/stubs/squid/squid.conf.mas, changing the lines:

auth_param basic realm Zentyal HTTP proxy
auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b  ou=...

To:

auth_param ntlm program /usr/lib/squid/ntlm_auth -b test.com/RDPtest
auth_param ntlm children 25
#auth_param basic realm Zentyal HTTP proxy
#auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b  ou=...

and edited the file /usr/share/zentyal/stubs/squid/dansguardian.conf.mas, changing the line:

#authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'

To:

authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'

I don't know what the error is in my Zentyal.  :(

ziv lin

 :) Hi, everyone.

I have solved my problem with NTLM authentication.

1. Configure Zentyal step by step following this link:
http://trac.zentyal.org/wiki/Documentation/Community/HowTo/ProxyWithNTLM
(please replace all "ebox" with "zentyal").
2. Configure the GPMC in Windows Server 2008 R2:
    Computer configuration -- Policies -- Windows settings -- Security settings -- Local policies:
   a. Network security: LAN Manager authentication level: Send LM & NTLM responses;
   b. Network security: LDAP client signing requirements: Negotiate signing;
   c. Network security: Minimum session security for NTLM SSP based (including secure RPC) clients & servers: Require 128-bit encryption;
   d. Network security: Restrict NTLM: Audit Incoming NTLM Traffic: Enable auditing for all accounts;
   e. Network security: Restrict NTLM: Audit NTLM authentication in this domain: Enable all;
   f. Network security: Restrict NTLM: Incoming NTLM Traffic: Allow all;
   g. Network security: Restrict NTLM: NTLM authentication in this domain: Disable;
   h. Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers: Allow all.
3. Run GPUPDATE on Windows Server 2008 R2 and Windows 7.
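
An added example, not part of the thread and not Zentyal's or Squid's own code: a small Python check over the auth_param lines of a Squid configuration, reporting whether the NTLM scheme from the posts above has a helper program and a child count and whether the basic scheme is still active. The "after" sample uses the lines quoted in the thread; the "before" sample, the function names and the finding codes are constructed for this illustration.

```python
# "After" state: the four lines quoted in the thread.
AFTER = """\
auth_param ntlm program /usr/lib/squid/ntlm_auth -b test.com/RDPtest
auth_param ntlm children 25
#auth_param basic realm Zentyal HTTP proxy
#auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b  ou=...
"""
# Constructed "before" state: the two basic lines active, no ntlm lines.
BEFORE = """\
auth_param basic realm Zentyal HTTP proxy
auth_param basic program /usr/lib/squid/ldap_auth -v 3 -b  ou=...
"""

# Hypothetical finding codes used only by this example.
MESSAGES = {
    "ntlm-missing": "no active 'auth_param ntlm' line; NTLM is never offered",
    "ntlm-no-program": "ntlm scheme has no helper program",
    "ntlm-bad-children": "ntlm children is missing or not a positive integer",
    "basic-active": "basic scheme active; a client using it sends the password base64-encoded",
}

def parse_auth_params(text):
    """Return {scheme: {option: value}} for uncommented auth_param lines."""
    schemes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "auth_param":
            schemes.setdefault(parts[1].lower(), {})[parts[2].lower()] = parts[3]
    return schemes

def audit(text):
    """Return the list of finding codes (keys of MESSAGES) for this config."""
    schemes = parse_auth_params(text)
    findings = []
    ntlm = schemes.get("ntlm")
    if ntlm is None:
        findings.append("ntlm-missing")
    else:
        if "program" not in ntlm:
            findings.append("ntlm-no-program")
        count = ntlm.get("children", "").split()[:1]  # first token is the count
        if not count or not count[0].isdigit() or int(count[0]) < 1:
            findings.append("ntlm-bad-children")
    if "program" in schemes.get("basic", {}):
        findings.append("basic-active")
    return findings

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        for code in audit(conf) or ["ok"]:
            print(name, code, MESSAGES.get(code, ""))
```

Because the thread edits a .mas template, run a check like this against the configuration file Squid actually loads after Zentyal regenerates it, not against the template.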

christian

Assuming this is now solved, would you please mind stamping this topic as [SOLVED]? ;)