Ipad access through neth

webfilter
proxy

(toni) #1

Hello All,
New to all this, have squiguard running on my netserver and all running fine, with ad setup, profiles to setup users all ok. However i have some ipads that are not domain based but they do get their ip via a dhcp server, and i have to manually put in the FQDN of the netserver in the proxy, but they cant access web, When browsing on ipad theyget Error cache access denied.
The following error was encountered while trying to resolve the URL: http://www.google.co.uk
Cache Access Denied, Sorry, you are not currently allows to request http://www.google.co.uk/ from this cache until you have authenticated yourself.
But all other machines fine, just ipads


(Markus Neuberger) #2

Hi @tjaski,

don’t have an ipad as I am more used to android, but I tried with Safari for Windows and it seems it does not support the auth method. It tries NTLM instead of kerberos which is not supported anymore.

[root@server etc]# tail -f /var/log/squid/cache.log
2017/12/01 17:28:00 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

You may try firefox for ios and set manual proxy:


Maybe this could help too:

https://www.jamf.com/jamf-nation/discussions/22600/ios-single-sign-on-kerberos


(toni) #3

Hello Markus,

Thanks for that, i seem to have found a way around that issue but another is now driving me bonkers. All my users are domain joined and these don’t have a problem. However i have 6 machines “not” on the domain so within “firewall objects” under “hosts” i created 6 new hosts that correspond to the 6 that cant get to the internet. So i go to “host groups” where i create a new group, and then add the 6 i created to this group.
When the go to a browser a popup says that it need a username and password to log on, as i completed this in the previous set i add the username and password, and it works. But not for all of them, it works for about 4 of the machines. Then after a hour or so the ones that worked now wont accept the username and passord!!
Can i give 6 machines anonymous access, or is there a way i can get these through some kind of “dmz”

As i say it all works except for these none domain machines which need internet access…


(Markus Neuberger) #4

You’re welcome. How did you solve it?

What about proxy-bypassing these 6 machines?

http://docs.nethserver.org/en/v7/web_proxy.html#bypass


(toni) #5

Hello,

In windows AD I made a user called ipad under “interactive users”

Nethserver imported the user, then used FQDN as proxy on ipads with port as 3128, plus username and password.

Nethserver treated them as domain machine and it worked. Somehow…

However same trick doesn’t work on windows machines not “really” on the domain.

So will have a look at the proxy bypass…

Thanks


(toni) #6

Hello Again,
I have used Hosts without proxy, and included the six machines there.
However i might have missed something as in “network” > “proxy” mode for green zone and trusted shows as authenticated, but blue also shows authenticated, but interestingly under “configuration” > “network” i don’t have a blue network


(Markus Neuberger) #7

Does it work?

This is no problem. If you don’t have a blue network the setting is ignored.


(toni) #8

Hello,

This is where I gets weird, as I think I have mentioned, when the machines go onto the browser it asks for username and password on some machines works and I can browse on other of the six machines I put the same username and password and it just throws it back again.

Then after a while the ones that worked then don’t, popup box asking for authentication comes up again.

So I am stuck…

I could send you some screen grabs if you want as I am probably adjusting things I shouldn’t.

Toni


(Markus Neuberger) #9

Did you set the 6 clients to use no proxy? Does it depend on the browser if it works, you may test with another browser?

If you think that you did something wrong feel free to paste a screenshot.


#10

Hi,

Is the nethserver is the Dhcp server?
I’m using nethserver, and all my istuff working well…

With proxy filtering… So I think about a dhcp configuration?
What about the wifi connection? Is a wifi router? A wifi AP?


(toni) #11

Hello Jim, thanks for the reply, I am a complete newbie on nethserver. I have managed to set it up so all windows machines and iPads are filtered through it. DHCP is on a 2012server. The only issue I have as I have mentioned is with six none domain machines, that have fixed IP’s , I need these to go out but at the moment I don’t know how. I have used proxy bypass, but I keep getting the popup that asks for authentication to the nethserver when I go to a browser. I put in the credentials and on some machines (2) it works, others I put the creds in doesn’t work. Then the two that worked will pop them up again and stop access. So I am stumped.