This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Profile with Basic Auth is denied

I just setup a PC for general/access the is basically a kiosk of sort.

I created a local user on the Astaro: Webinar
Password is xyz

I created a profile ConfRoom1, added the ip to the networks, gave it our normal filter assignments for testing, selected Basic User Auth and removed SSL scanning.

When I try to connect to google.com i get the popup box to enter my username and password. When I enter the info and click ok the boc reappears.

The auth log shows this: 
2009:03:13-17:04:22 qcspcxx1 aua[32276]: id="3006" severity="info" sys="System" sub="auth" name="checking if Webinar is enabled"

2009:03:13-17:04:22 qcspcxx1 aua[32276]: id="3006" severity="info" sys="System" sub="auth" name="user is enabled. Calling do_auth()"

2009:03:13-17:04:22 qcspcxx1 aua[32276]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="192.168.10.150" user="Webinar" caller="http" reason="DENIED" 


This is the first time I am using Local Auth. Am I missing something?

I got it to work using Remote AD Auth, but this computer is a standalone and not part of the domain.

Thanks.


This thread was automatically locked due to age.
Parents
  • If you cancel the auth after the first time, and try to surf again, does it work?

    Barry
  • Remember that "Auth" and "Transparent Mode" are mutually exclusive.  Do you have the browser proxy settings in the stand-alone unit?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Good Morning

    Would you like some help? Do we need more information about Profiles-Basic Protection on how to do the site programming in good practice format so that we do not make exceptions in Profiles-Basic to run the site?
    I would like documentation specifying how we should program the site so we do not get exceptions ..

    I would like a documentation of good practices .... Regarding the security modules Webserver Protection Firewall


    Thank you for your help

  • Olá Fabiano and welcome to the UTM Community!

    There's not really a best-practices document for Web Application Firewall.  The "trick" is to start in "Monitor" mode so that you can identify false positives  Then, as you see the protections you don't want to disable, you can determine what you programming might want to change on your site.

    Cheers - Bob
    PS Note that this thread is in the Web Filtering forum.  You will want to post your question in the Web Server Security forum.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • This is news, not something I remember because I have never seen it asserted anywhere else, and the user interface does not indicate any such restriction.

    The only restriction that I have seen is that SSO Authentication is incompatible with Transparent Web Proxy when traffic is flowing through a Bridged interface.   None of those apply in this case.

    I suspect the problem is that the Filter Profile is configured correctly, but it is not linked to an active Policy to which the kiosk user has been assigned.    My Wiki post may help him.

    https://community.sophos.com/products/unified-threat-management/w/utm-wiki/37/securing-and-configuring-web-filtering

  • The denied result in the user authorization log has me confused and bugged.  It says to me that the login failed - either a wrong password or something along those lines.   I assume you know the oasdword.  I have not done much with local accounts, so  I do not remember if they can be disabled, time restricted, or feature restricted on the account object.

    If web proxy was the problem, you would see blocked in the web log, rather than this result.

Reply
  • The denied result in the user authorization log has me confused and bugged.  It says to me that the login failed - either a wrong password or something along those lines.   I assume you know the oasdword.  I have not done much with local accounts, so  I do not remember if they can be disabled, time restricted, or feature restricted on the account object.

    If web proxy was the problem, you would see blocked in the web log, rather than this result.

Children
No Data