Jump to content


Photo

AD Login failures in test environment

410 Active Directory Login Failures

  • Please log in to reply
No replies to this topic

#1 Dave Sampieri

Dave Sampieri
  • Members
  • 1 posts

Posted 18 May 2012 - 08:44 AM

I am doing some testing off the 410 Web Filter and cannot log in when accessing a page that is restricted for most viewers.

Here's the set up: 4 computers plugged into a 1 GB switch. The switch is plugged into the LAN jack on the 410. The WAN port is plugged into a network jack that is linked to the rest of our network (We are not directly connected to the firewall).

I set up a couple of block rules and local users. Surfing inside and outsidee of our network seems to wwork fine. When I hit a blocked page, the local user can login and, if he has rights, go to the page.

I then went to the User/Groups - Aut5hentication page and set up my link To AD. I am only going against a small set of containers that were set up for Websense in the past so the synch only takes a minute.

To verify the synch worked, I went to Block/Accept - Exceptions and searched for all LDAP users and groups. All of the groups came back in the search and when expanded the correct users were there.

I then created a Custom Category called TechDepartment and allowed it broader rights. I went back to the Exceptions page, looked up my group and gave it an Allow setting for the ccustom category and then saved the group.

However, attempting to go to a page and login as a domain user never works. I verified that the accounts are in the correct group, even went so far as adding an Allow Exception for one of the individuals.

When I try loggin in, I have tried domainName\Username, username; AuthenticationService\username, authenticationService:username...all of these come back with invalid user name or password.

And, I don't see any attempts against our domain servers.

Did I miss a step somewhere or will this just not work in this test environment?

A couple of other notes: Yes, the Barracuda box can ping the Domain Controllers; Yes it can ping the sites I want to go to (local users can get to them). I have deleted the Authentication Service a few times, I have tried using TLS security and no security, I have tried CN instead of sAMAccountName.

I would love to hear back from some people on this...Thanks!

Dave