
Web filtering not always picking up an AD user

For the purpose of this post I can assure you that this is in place: https://community.sophos.com/kb/en-us/123362

 

What's happening: For the most part this is working fine. We are using reporting, not really filtering; however, a user is frequently prompted to authenticate in Firefox. The PC is new, Firefox has been updated, uninstalled, reinstalled, has the URL key put properly in the prefs file which shows up in about:config, and frequently I do see the user polling in Web Filtering -> Live Log. But I don't always see the user & domain in the log and the user is prompted. It's important to note that no one else is ever prompted. The user's PC is one we have replaced, but we have replaced 2 others and no issues w/ them.

 

I'm scratching my head here as I'm running out of ideas. Anyone in the community have a thought?

 

Alexander
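
An added example, not part of the original post and not Sophos code: one way to confirm that a client is only intermittently identified is to tally proxy log lines per source IP. The log lines below are constructed, and the field names (srcip, user, ad_domain, statuscode) are assumptions to adjust to the actual log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in a key="value" proxy-log style. Field names and
# values are assumptions for illustration, not taken from a real appliance.
SAMPLE_LOG = '''\
2017:03:02-09:14:01 gw httpproxy[4211]: srcip="10.0.0.21" user="jdoe" ad_domain="CORP" statuscode="200" url="http://www.msn.com/"
2017:03:02-09:14:07 gw httpproxy[4211]: srcip="10.0.0.21" user="" ad_domain="" statuscode="407" url="http://www.msn.com/news"
2017:03:02-09:14:09 gw httpproxy[4211]: srcip="10.0.0.21" user="jdoe" ad_domain="CORP" statuscode="200" url="http://www.msn.com/news"
2017:03:02-09:15:30 gw httpproxy[4211]: srcip="10.0.0.22" user="asmith" ad_domain="CORP" statuscode="200" url="http://example.com/"
2017:03:02-09:16:02 gw httpproxy[4211]: srcip="10.0.0.21" user="" ad_domain="" statuscode="407" url="http://www.msn.com/sport"
2017:03:02-09:16:40 gw httpproxy[4211]: srcip="10.0.0.22" user="asmith" ad_domain="CORP" statuscode="200" url="http://example.com/a"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return (timestamp, fields) for one log line, or None if it has no fields."""
    fields = dict(PAIR.findall(line))
    if not fields:
        return None
    return line.split(" ", 1)[0], fields

def summarize(log_text):
    """Per source IP: identified vs. anonymous requests, 407 count, anonymous timestamps."""
    stats = defaultdict(lambda: {"identified": 0, "anonymous": 0,
                                 "auth_required": 0, "anonymous_at": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        s = stats[f.get("srcip", "unknown")]
        if f.get("user") and f.get("ad_domain"):
            s["identified"] += 1
        else:
            s["anonymous"] += 1
            s["anonymous_at"].append(ts)   # when the SSO lookup came back empty
        if f.get("statuscode") == "407":    # proxy asked the browser to authenticate
            s["auth_required"] += 1
    return dict(stats)

def intermittent_clients(stats):
    """Clients that were identified on some requests but not on others."""
    return sorted(ip for ip, s in stats.items() if s["identified"] and s["anonymous"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in intermittent_clients(result):
        print(ip, result[ip])
```

The timestamps collected for the anonymous requests can then be lined up against the workstation's and domain controller's event logs for the same moments.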



  • Hi Alexander,

    Can you show us a picture of the prompt? What authentication do you use for User authentication? Also, did you try any other browser in the new machine?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Prompt is a browser prompt; yes, have used multiple web browsers. See the link in the above post on configurations that are different between IE (incl. Chrome) and FF.

    Not a time issue as time is synced. As of right now I'm not 100% certain why the polling is randomly failing. The site isn't even doing HTTPS so there's nothing that should be causing it to snag and have issues. I also added an MSN window so that it would do straight HTTP to MSN and try to keep that open, no change.

    Could still be a weird Win10 problem. At this office there is a PC that will NOT do group policy other than local. If you run modeling from the server, it shows you the GPs that should be in place. RSOP will show you no policies hitting the machine, and they won't unless built locally. Bit of a pain because the last time I did any GP work I forgot that and had an unpleasant reminder that this Win10 upgraded PC doesn't behave normally.

    Yay, careers in IT...

  • So yes to NTLM? And you're not using Kerberos auth for your proxy? If so what is the NTLM compatibility level set to on your DC?

    "I also added an msn window so that it would do straight http to msn and try to keep that open, no change." - No clue what you're talking about here.

    "Could still be a weird win10 problem. At this office there is a PC that will NOT do group policy other than local" - This is the same PC that has the proxy authentication issue? Then this should be easy to figure out. If GPOs aren't applying, what are the errors? Very good chance the two are related. And it being Windows 10 shouldn't matter. This might sound stupid, but can you just simply remove the PC from the domain and re-add it without any problems/errors, event log errors etc.? Was there a domain controller decommissioned and not done properly? Remnants of the controller in AD still, with DNS entries pointing to a nonexistent DC? What functional level is the domain?

  • Some clarifications here:

    1) Yes, NTLM. No Kerberos. No idea on compat level, I've done web filtering at 8 some odd sites without ever doing anything to the network other than domain joining the appliance.

    2) Added an MSN tab for Firefox. When I worked with support before, I was told that HTTPS can't be grabbed for auth, so will default to browser prompt. HTTP should be grabbed silently, no problem. I'm not actually filtering here, just doing reporting on web usage.

    3) No, not the same PC. Already did a domain unjoin + rejoin, even w/ nuking the computer account in between. No DNS or AD bits pointing to any other DCs or a bad decommission that I can see. 2008 R2 domain level. 5-6 other PCs at this client site w/ no issues. I have another client site with 3x physical locations and DCs and 60 some odd users + Macs + VMs and no issues at all. Just something weird with this PC.

    They're required to use FF for an LoB app, which is in a skip bucket. Going to have user use IE and see if issue continues. May be the first time I ever asked a client to use IE to avoid problems web browsing.

  • Alexander, you might see something in Configuring HTTP/S proxy access with AD SSO.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA