This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Proxy asking for authentication credentials

I've got a WS1100  Appliance. My users are being proxied through with a proxy.pac file hosted on one of our servers. We use AD integration to authenticate our users.

My issue is that very randomly a user will call me saying they can't get to any websites. What they have is an authentication box for our WS1100. If they enter their credentials (which is what should be passed automatically) it refuses them 3 times until it gives a "Proxy Authentication Error" page. If I log in with my own credentials however, (which are obviously elevated compared to most of our users), it will let me through.

This happens very randomly, to different users with different access.  Sometimes restarting their machine fixes the problem sometimes logging off and back on fixes it, and sometimes it won't go away without bypassing the proxy altogether.  If

It seems to be a windows problem, as if Windows isn't letting them authenticate. If the ygo to another machine they have no problem. Doesn't seem to be a Sophos problem but I thought maybe someone here has seen a similar issue.

:22157


This thread was automatically locked due to age.
Parents
  • Hi NBRHC,

    IE is challenged for authentication by the appliance, but this should happen transparently to the user.  It's actually the appliance which should contact AD. 

    In some circumstances this authentication process could fail (if the account is locked out such as shakthi16 suggested).

    In this case, IE will display a prompt for authentication with the appliance.  Perhaps your users' are unsure whether they are authenticating with the appliance or the website?

    You could try enabling the Captive Portal as a fallback process in Configuration | System | Authentication?
    When authentication with the appliance (AD) fails the user will get a HTML page which makes it clearer they are logging in for internet access.

    If you can reproduce specific examples of this please do call our support team and they can help you get diagnostics to troubleshoot this.

    Thanks,
    Tom.

    :29073
Reply
  • Hi NBRHC,

    IE is challenged for authentication by the appliance, but this should happen transparently to the user.  It's actually the appliance which should contact AD. 

    In some circumstances this authentication process could fail (if the account is locked out such as shakthi16 suggested).

    In this case, IE will display a prompt for authentication with the appliance.  Perhaps your users' are unsure whether they are authenticating with the appliance or the website?

    You could try enabling the Captive Portal as a fallback process in Configuration | System | Authentication?
    When authentication with the appliance (AD) fails the user will get a HTML page which makes it clearer they are logging in for internet access.

    If you can reproduce specific examples of this please do call our support team and they can help you get diagnostics to troubleshoot this.

    Thanks,
    Tom.

    :29073
Children
No Data