AD Problems multi site

stictx · 08-24-2010, 11:45 AM

I am a local franchisee with 11 locations. My parent company hosts AD and is the domain admin. I have no access to the domain but my user login. All of my users login to the domain. In order for me to use the AD connection I need to have admin access to the AD server which I don’t have.

I'm trying to use UT for content filtering specifically. When I attempt to login to the domain my login hangs for about 20 minutes. Once I get logged in all of my apps work great. In fact the citrix works better than outside the UT box.

What options do I have?

mrunkel · 08-24-2010, 12:04 PM

You don't need admin access. It just queries the user and group list which is usually available to all users.

You do need non-encrypted LDAP access.

stictx · 08-30-2010, 02:15 PM

I contacted my application vendor and they use encrypted LDAP access. Am I SOL or what options do I have.

sky-knight · 08-30-2010, 02:25 PM

You'll have to switch over to Captive Portal authentication, and more than likely you'll have to stop authenticating against AD.

Nothing outside of a windows OS can get encrypted access to AD.

stictx · 08-30-2010, 02:37 PM

If I dont controll the AD server nor the domain I dont know that a captive portal will work for me. Would I need to create a new AD server?

sky-knight · 08-30-2010, 03:09 PM

The captive portal can authenticate vs a local directory, and at least give you some names to map to IP addresses.

But yes if you want AD and they require encrypted access... you'll have to build your own AD.

08-24-2010, 11:45 AM	#1 (permalink)
stictx Newbie Join Date: Jun 2010 Posts: 3	AD Problems multi site I am a local franchisee with 11 locations. My parent company hosts AD and is the domain admin. I have no access to the domain but my user login. All of my users login to the domain. In order for me to use the AD connection I need to have admin access to the AD server which I don’t have. I'm trying to use UT for content filtering specifically. When I attempt to login to the domain my login hangs for about 20 minutes. Once I get logged in all of my apps work great. In fact the citrix works better than outside the UT box. What options do I have?

08-24-2010, 12:04 PM	#2 (permalink)
mrunkel Join Date: Jul 2008 Posts: 2,766	You don't need admin access. It just queries the user and group list which is usually available to all users. You do need non-encrypted LDAP access. __________________ m. Big Frickin Disclaimer: While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions. It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one. Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

08-30-2010, 02:25 PM	#4 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	You'll have to switch over to Captive Portal authentication, and more than likely you'll have to stop authenticating against AD. Nothing outside of a windows OS can get encrypted access to AD. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

08-30-2010, 03:09 PM	#6 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	The captive portal can authenticate vs a local directory, and at least give you some names to map to IP addresses. But yes if you want AD and they require encrypted access... you'll have to build your own AD. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons

08-30-2010, 02:15 PM	#3 (permalink)
stictx Newbie Join Date: Jun 2010 Posts: 3	I contacted my application vendor and they use encrypted LDAP access. Am I SOL or what options do I have.

08-30-2010, 02:37 PM	#5 (permalink)
stictx Newbie Join Date: Jun 2010 Posts: 3	If I dont controll the AD server nor the domain I dont know that a captive portal will work for me. Would I need to create a new AD server?