Problems with basic authentication

General questions.
Post Reply
Posts: 13
Joined: February 21st, 2016, 12:34 am
Location: South Afroca

Problems with basic authentication

Post by vdmgc » July 25th, 2018, 9:34 pm

Hello fellow forum members. I am stuck (and solved some issues) with a scenario where authentication is required for a small group of people. I had a look at both budget and practicality and came to the conclusion that basic authentication should be great.

..except it isn't. Its rather frustrating and poorly documented.

I am experiencing several problems and got some solutions. Please help me and other venturing down this path...

Problem #1: The UI doesn't reflect it, but passwords may not be longer than 8 characters. This is not a big deal, but the UI should state this somewhere so other people after me don't have to spend a day to figure out why nothing works.

Solution#1: Don't use passwords longer than 8chars.

Problem #2: Setting passwords by the users. The documentation is blatantly wrong. Clients can set passwords here according to the WIKI: http://IP-IPFIre:81/cgi-bin/chpasswd.cgi. source: ... auth/local

Solution#2: The real URL is in fact this: https://IPFIre:444/cgi-bin/chpasswd.cgi

Problem#3: This is not an IPFire problem. Be aware that Android have no proxy authentication support. You don't need to route phones to fix it, but you DO need to load 'ProxyAuth' for android or similar.

Solution #3: Not ideal, so if someone has a better plan, please let me know.

Problem #4: For some obscure reason I cant fathom, when auto proxy config url is set in Windows, it doesn't respect the fact that the proxy is in transparent mode again. This is a bigger problem than it may initially seem because it makes it impossible to roll back on the inevitable event of failure to implement auth for the first 50 times. Some URL's works great, but GMAIL wont open. You manually have to disable proxy on all 30+ workstations just to do it again a day later.

Solution #4: Make reg file with proxy settings because you will enable/disable many, many times before something starts to work.

PS, for those that wish to test Radius, it ALSO doesn't seem to work so great. Or at all. My experience was utter failure. I have posted questions about FreeRadius and nobody on the face of the planet seems to understand anything about it, The thread is quite old by now and unanswered.

I tried Tekradius - a great tool with a GIU (which is handy if you wish to learn about Radius) but IPFire never even opened a connection to Radius as far as I could see. This is rather sad, because the authentication options seems to be either outdated or utterly broken for very long.

Post Reply