Unable to authenticate PCs that are not members of the MS Windows domain (PCs outside the domain and mobile devices)
We are unable to authenticate via the HTTP portal PCs, tablets and mobile phones that are not members of the main Windows domain (default usage of web login instead of SSO-Agent when "anonymous" PCs, tablets, and mobile phones are connected to the LAN).
All PCs that are members of Active Directory can authenticate with SSO-Agent and it works perfectly, but hosts outside the domain but on the same LAN don't authenticate via HTTP and surf the web without authentication.
I tried to change these values on the manage->users->settings->weblogin page, including:
-Allow authentication page in frame
-Redirect users to the login page: Via an informatory intermediate page, Directly
I tried to change these values on the manage->users->settings->user sessions page:
-Open user's login status window in the same window rather than in a popup
but web authentication still does not work.
The network environment is:
one NSA2650 firewall, many Windows PCs on a Windows domain, and many PCs, tablets and mobile phones on the same LAN as the NSA2650, connected through many Wi-Fi access points of various brands bridged at ISO/OSI layer 2 with the NSA2650, outside of the Windows domain but on the same LAN (the same DHCP server on the Windows server assigns LAN IPs to both domain and non-domain member devices).
Answers
Hi @fabritrento
Have you created a firewall rule from the Zone, i.e. LAN, to the WAN to allow for HTTP/HTTPS for Trusted Users?
It needs this to redirect the users not authenticated by SSO.
I added rules as in this screenshot but no results... Is there something wrong?
Hi @fabritrento,
You only need the one rule in.
I would group the services HTTPS and HTTP into one group, then allow for trusted users.
If you are using Gen 7 devices, also add the URL to the Interface you are connecting to like below (you may also need to do this on Gen 6 appliances if the page isn't redirecting correctly). Also make sure you have enabled HTTPS login on the actual Interface settings.
Just to mention, I've used :444 below as this is my SonicWall's management port, so change this to what yours is if different from the default 443.
I don't want to use an external login page but the SonicWall itself. That doesn't work.
All users access the network authenticated if they use a domain Active Directory PC, and if they use other devices they surf the web without any authentication being done. How can I fix this?
Hi @fabritrento,
I used the local IP of the SonicWall Interface in the external login page section as otherwise on Gen7 it won't redirect correctly.
Using the settings I provided should bring up the SonicWall login page where the user who is using a Mac, for example, can log in using their AD username and password. They will be redirected in their browser to the SonicWall login page when they try going to a web page; once they have done this they will get internet access.
Is this not what you are trying to do?
What firmware are you trying this on?
If you don't want users to authenticate then you need to exclude their devices in the SSO settings, exclusions. You would have to create an address object group using their IP or MAC address, or if they are on a different subnet exclude this.
Yes, I want PCs, tablets and mobile phones that are not members of the Windows domain to be able to authenticate via web at https://xxx.xxx.xxx.xxx/auth.html (the SonicWall auth page that authenticates users through Windows domain user accounts).
If I try to authenticate by accessing https://xxx.xxx.xxx.xxx/auth.html with an AD user, the SonicWall gives me a session of 360 minutes and it works... The problem is that all PCs, tablets and mobile phones surf the web directly instead of being redirected to https://xxx.xxx.xxx.xxx/auth.html
Hi @fabritrento,
What is the firmware you are using?
And what exactly is not happening?
Are you saying that the redirect doesn't work when users try to go to the internet from all the devices like PCs, tablets and mobile phones?
If you let me know, I can test here and see if I can replicate the issue. Can you post screenshots of what is happening?