Virtual Secure Web Gateway

  • 1.  SWG - NTLM problem

    Posted Oct 18, 2011 09:20 AM

    Dear All,

     

    I'm trying to configure NTLM based on the "Symantec Web Gateway Version 5.0 Implementation Guide", but I have some difficulties. My domain is teszt.local and my DNS & domain server is server.teszt.local.

     

    Problem 1:

    In the LDAP configuration, Kerberos authentication doesn't work, only simple. I get this error message: "An LDAP error was encountered: The LDAP Server IP/Hostname or Port you have entered is incorrect, please enter the correct settings and try again."

    The hostname is 100% correct, because simple authentication works, so based on the error message the port should be wrong. I've tried 389, 88, 750, 749, 464, 543, 754 – none of them worked. What port should I use?

     

    Problem 2:

    I tried to configure NTLM with simple LDAP authentication. I did it step by step based on the Implementation Guide from page 182. In Table 9-4 (page 183), steps 1-2 are done and I've started step 3, but I'm a little confused. Based on page 186 these options should be there: "Use Interface Name for NTLM Authentication", "Authentication TTL", "User Authentication Re-tries", but I can't find them anywhere:

     

     

    Problem 3 (optional):

    It may be that the solution for problem 2 solves this one too. If I fill in the "limited" options and try to test whether it works, I get an error message: "We're sorry, but an error occurred while contacting the domain controller: 1 Unable to find a suitable server for domain TESZT.LOCAL Unable to find a suitable server for domain TESZT.LOCAL"

     

    Thanks for your help!

     

    Viktor



  • 2.  RE: SWG - NTLM problem

    Posted Oct 18, 2011 09:45 AM

    When Kerberos authentication fails, it is typically something you need to change on the DC, as there are no options on the SWG other than to use or not to use Kerberos. If there is any kind of firewall or router, be sure all the ports needed for Kerberos authentication are open between the SWG and the DC.

    The interface for NTLM should automatically be the management interface; I was not able to even enable NTLM authentication until I named my management interface. Authentication TTL was included in your screenshot, and below that should have been user authentication retries.

     



  • 3.  RE: SWG - NTLM problem

    Posted Oct 18, 2011 10:11 AM

     

    Thanks for the information.

    Problem 1: The firewall is turned off; there's only a switch between the SWG and the DC. Do you have any tips on what else I should configure on the DC for Kerberos?

    Problem 2: User authentication retries still doesn't appear on the screen.

    Problem 3: Do you have any tips on why I get an error message when testing NTLM? ("We're sorry, but an error occurred while contacting the domain controller: 1 Unable to find a suitable server for domain TESZT.LOCAL Unable to find a suitable server for domain TESZT.LOCAL")

     

    Thanks in advance!

     

    Regards,

    Viktor



  • 4.  RE: SWG - NTLM problem

    Posted Oct 18, 2011 10:35 AM

     

    Hi Viktor,

    Have you tried entering your pre-Windows 2000 domain name as the realm, i.e. 'Teszt' instead of 'Teszt.local'?

    Cheers,

    Kevin

     



  • 5.  RE: SWG - NTLM problem

    Posted Oct 18, 2011 11:30 AM

    I cannot help with Kerberos failing or your DC. You may want to check your Windows security or system logs to see if they can provide some insight into the Kerberos problem.

    What is the full version number of the SWG software installed on your SWG?

    What is the mode it is running in?

    Can you put a full screenshot of the authentication page up? The screenshot provided is incomplete. Feel free to scrub any internal information.



  • 6.  RE: SWG - NTLM problem
    Best Answer

    Posted Oct 19, 2011 04:42 AM

    Dear All,

    Thanks for your help. I checked all the settings from the beginning, and the problem was that I mistyped the DNS IP in the network configuration. Sorry!

    Viktor