Webproxy with ADS and SSO not working (Help Please)

Questions to IPFire Addons.
crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 12th, 2015, 8:35 am

Hello,

I'm new here an I was testing IPfire successfully during a week, at the moment I would like to implement Webproxy with AD and SSO authentication and followed this instructions http://wiki.ipfire.org/en/configuration ... -directory, I don't have "Allow HTTP Basic Authentication" enabled then created an Based Access Control Group to permit only a few users to access the web, but on the browser is always asking for user and password that I don't want to do it and also If I put the username and password for a valid user from the group it does not allow access, what it could be wrong?

BAGC.PNG
BAGC.PNG (8.13 KiB) Viewed 2330 times


Thanks.
Image

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 13th, 2015, 8:03 am

Come on guys?

Is anyone capable on supporting me on this?
Is there anyone running this features on its environment without issues?


Thanks.
Image

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 13th, 2015, 1:59 pm

I found this message on the "squid.log":

Code: Select all

Got NTLMSSP neg_flags=0xa2088207
Got user=[COliveira] domain=[LUSO] workstation=[COLIVEIRA-BWY1] len1=24 len2=266
Could not parse AcessoInternet into seperate domain/name parts!

I'm not sure if it can help, if anyone could check please???
Last edited by crisman on May 27th, 2015, 4:55 pm, edited 1 time in total.
Image

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 13th, 2015, 2:23 pm

Also on other forums with similar problems, some guys are complaining about this line on squid.conf:

Code: Select all

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="AcessoInternet"


the parameter "--require-membership-of=" must have domain \ group but if I use on Group Access Control Based the LUSO\AcessoInternet

on the squid.conf I can see this:

Code: Select all

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="Luso+AcessoInternet"


I've also seen on other forums the parameter with only one single quote and not double quote like --require-membership-of='Luso\AcessoInternet'

It seems something is wrong!!
Last edited by crisman on May 27th, 2015, 4:56 pm, edited 1 time in total.
Image

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 14th, 2015, 3:10 pm

Its anyone running the Webproxy with AD integration using groups to access the web?
Please I need some information on this?
Should this be a BUG?


Thanks.
Image

User avatar
FischerM
Community Developer
Community Developer
Posts: 648
Joined: November 2nd, 2011, 12:28 pm

Re: Webproxy with ADS and SSO not working (Help Please)

Post by FischerM » May 14th, 2015, 3:37 pm

Hi,

To make sure you don't talk to yourself all the time:

Sorry, I would help if I could but I never ran this configuration and haven't got the chance to do so...

Regards
Matthias

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 14th, 2015, 3:52 pm

FischerM wrote:Hi,

To make sure you don't talk to yourself all the time:

Sorry, I would help if I could but I never ran this configuration and haven't got the chance to do so...

Regards
Matthias


Thanks Matthias,

Finally someone replied. Its very stressing to see that no one answered!!
I just cannot believe that nobody has this in production or at least in a Lab environment.

Regards.
Image

User avatar
twilson
Posts: 457
Joined: October 31st, 2014, 9:26 am
Location: Germany

Re: Webproxy with ADS and SSO not working (Help Please)

Post by twilson » May 15th, 2015, 1:57 pm

Hello crisman,

according to FischerM, I don't have any experience in this area, too. (I've always tried to avoid Microsoft Products when running a network...)

But as far as I understand, this is a bug. I'd suggest to report it at https://bugzilla.ipfire.org/.

Maybe some of the developers is able to help you.

Best regards,
Timmothy Wilson

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 15th, 2015, 2:23 pm

twilson wrote:Hello crisman,

according to FischerM, I don't have any experience in this area, too. (I've always tried to avoid Microsoft Products when running a network...)

But as far as I understand, this is a bug. I'd suggest to report it at https://bugzilla.ipfire.org/.

Maybe some of the developers is able to help you.

Best regards,
Timmothy Wilson


Thanks,

I've followed your advice and created a Bug Report.

Regards.
Image

torb
Posts: 2
Joined: May 29th, 2015, 5:22 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by torb » May 29th, 2015, 8:53 am

Hi crisman,

I'm using ipfire with the AD integrated SSO authentication and it works pretty well (besides of the firefox support).

In the required group field, I entered the name like this: "domain\group"

crisman
Posts: 24
Joined: May 12th, 2015, 8:19 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by crisman » May 29th, 2015, 9:21 am

torb wrote:Hi crisman,

I'm using ipfire with the AD integrated SSO authentication and it works pretty well (besides of the firefox support).

In the required group field, I entered the name like this: "domain\group"


Hi torb,

I've already done that also, but with no luck, is always opening a window requiring username/password.
I got this error message:

Code: Select all

Could not parse luso\AcessoInternet into seperate domain/name parts!

What version of IPfire, Squid and Windows Server are you using?
Could you send me your squid.conf and smb.conf files for comparing?

Thanks.
Image

Fabricioguzzy
Posts: 2
Joined: May 23rd, 2016, 5:24 pm

Re: Webproxy with ADS and SSO not working (Help Please)

Post by Fabricioguzzy » May 23rd, 2016, 5:51 pm

Hello Everyone...

I am facing exactly the same problem and I could NOT find ANY resolution for that.
I have an "INTERNET" group in my Active Directory, to separate the end-users that have Internet Access from the others who should not access Internet.
When I enable the "Group Based Access Control" adding the AD group name, the authentication screen starts to appear requesting the end-user to input his LOGIN and PASSWORD (something that doesn't happen when no group is added)
Whatever the group I add or the way I add it (I tried the group name only like "INTERNETGROUP" or the Distinguished Name like "CN=INTERNETGROUP,DC=OCTACORE,DC=CORP," it DOESN'T WORK.
It seems IPFIRE can't find the group.
Do we have any FIX/SOLUTION for that? Am I using the correct SYNTAX to add the Group?
by the way, I added IPFIRE to AD using SAMBA. everything is OK with that part.

Please Help.

Thanks
Fabricio.

hulot
Posts: 9
Joined: October 20th, 2011, 6:23 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by hulot » August 5th, 2016, 6:47 am

Same problem. If I put a group in the box, there is no connect to the internet. Authentification box comes up. Anybody a solution?

Orhan
Posts: 41
Joined: November 1st, 2015, 10:45 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by Orhan » August 5th, 2016, 11:26 am

Hello

I have also the same problems with sso

I hope the bug is solved by the next Update

Regards
Image

Submarine
Posts: 62
Joined: December 11th, 2013, 10:16 am

Re: Webproxy with ADS and SSO not working (Help Please)

Post by Submarine » August 8th, 2016, 8:33 am

Hey!

I have that problem also since the last update from 2.19 core update 102 to core update 103.
Last edited by Submarine on August 8th, 2016, 9:03 am, edited 1 time in total.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests