Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » How to avoid login page of KWF?
  •  
ChinDangShun

Messages: 12

Karma: 0
Send a private message to this user
I'm having a network with details:
- 01 Server IBM 3.0GHz, 1GB RAM,... runs Windows 2000 Advanced Server with role of PDC. (Another PC to run as BDC also) DHCP & DNS run on this Server. NetBIOS name: Server1; FQDN: Server1.company.com
- 40 PC Clients runs Windows 2000 Prof or Windows XP

I installed KWF 6.2.2 on Server and do the following:

1. Active Directory Mapping:
-- Active Dir domain name: company.com
-- Description: Test AD mapping
- Domain Access: I filled Username & Pass of Administrator who has full right of read/write AD DB.
- NT Authentication: NT Domain Name: COMPANY

2. Authentication Options:
- I check "Always require users to be authenticated..." and "Enable user authentication..."
- "Automatic logout...": 120mins

The User Accounts tab right then be filled up with users from AD ! Good.

3. HTTP Rule:
I created a HTTP rule to Allow Any User to browse Any HTTP objects with "Do not require Authentication" is unchecked.

From now on, any client PC want to browse any webpage must authenticate by webpage from KWF.

But, I want that:
a. Client PCs always automatic authenticate silently with KWF, not through KWF login page !
b. I will create HTTP rules to allow or deny some users to access a webpage.
c. Beyond HTTP rules, I want to create Rules in Traffic Policy to allow or deny some users, groups to access some services. E.g I want the user A will not be able to use POP3 and SMTP service but HTTP allowed. The user B is conversed of user A: Allow POP3 and SMTP but HTTP is banned !!!

If I use Traffic Policy to manage user-level, may KWF authenticates a client PC without let him/her to browse the KWF login first? When I logout all users, all users will be able to use any Services that I prohibit using user-level Traffic Policy !!!

Please help me soon. Thank you very much!

[Updated on: Thu, 19 October 2006 05:57]

  •  
ChinDangShun

Messages: 12

Karma: 0
Send a private message to this user
Could anyone help me soon as I must implement it in next Monday.

Thank you very much!
  •  
csuno

Messages: 4
Karma: 0
Send a private message to this user
I want to realize exactly the same....

Please help us. CSUNO
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
See here:
Automatic user authentication using NTLM
http://www.kerio.com/manual/kwf/en/ch22s03.html

There you'll also find some troubleshooting tips.
  •  
csuno

Messages: 4
Karma: 0
Send a private message to this user
This works fine. The automatic NTLM login works.

BUT we want to deactivate, the Webinterface manually LoginPage.
So, noone couldnt login, when he/she isnt on a windows domain profile loged in.

I've tried to create a HTTP policy to avoid acces to the login pages, but it dowsnt work!?

I've create a URL Group with e.g. "https://fw-server:port/fw/login?NTLM=0*" or just "https://fw-server:port/fw/login*" but that want block the Login page!

Any other ideas?

BUT THX for the comment! CSUNO

[Updated on: Thu, 23 November 2006 19:58]

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Perhaps too obvious, but can't you simply disable the webinterface in Kerio Admin Console, Advanced Options, Web Interface/SSL-VPN tab?
  •  
csuno

Messages: 4
Karma: 0
Send a private message to this user
No, this want work (for me). Even with NTLM login, it uses the standart Loginpage, but you dont have to enter something, it warks automaticly. But with deactivated webinterface he cant authenticat.

Sorry but Thanx CSUNO
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I don't really understand the problem. You allow people to use the Internet if they have a Window domain account. Why can't they use the net (with their proper username/passwords) when they're not logged into the domain? Can't you make in impossible to even login to Windows without login into the domain?

So: currently it's possible to get to a webbrowser, but you want to refuse those people access to the net, even though they do have a valid username/password? Right?
  •  
csuno

Messages: 4
Karma: 0
Send a private message to this user
Yes, Thats right. I dont want to forbitt a local login, for any User. But for this, they shouldnt have acces to any Web Content!
This have several security and administration reasons.

But i will thing about, what you say - to avoid deny of local login!

sanxs CSUNO
  •  
uniquegodwin

Messages: 13
Karma: 0
Send a private message to this user
Hi Winkelman,
Actually thats exactly what I need.

How do I get this done?

Thanks
Previous Topic: [ask] i got a problem about Facebook and mail
Next Topic: What's wrong with you KWRF !
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 05:53:18 CET 2017

Total time taken to generate the page: 0.00454 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.