?
Solved

Sonicwall NTLM authentication not working with Chrome

Posted on 2016-09-14
16
Medium Priority
?
212 Views
Last Modified: 2016-09-21
I have Sonicwall NSA240 using NTLM authentication. It works with Internet Explorer. When a user connnects to the wireless network and trys to browse a webpage appears.

login page
When the user clicks on the link to Login they get redirected to the  correct page for entering credentials.

credentials page
However using Google Chrome, the redirection doesn't occurr, and it just loops back to the first page??

Any help would be greatly appreicated.

Thanks Mat
0
Comment
Question by:matedwards
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 

Author Comment

by:matedwards
ID: 41798297
I have realised it is because the Sonicwall is using a Self Signed certificate.

IE11 is promting to continue and trust the self signed certificate. Chome is not prompting and jsut looping back to the first webpage.

Can I select one of the certificates in the sonicwall > certificates interface.

Can I genreate a .csr within the Sonicwall and purchase a signed certificate to use?
0
 
LVL 9

Expert Comment

by:J Spoor
ID: 41798388
assign the SonicWALL a proper FQDN, set this on system?adminsitration.
Then provide a proper SSL cert.

then on User>settings there's a redirect to option, set this to configured DNS name :)

you can slect the cert o use on system?administration

you can create a csr from system > certificates.
0
 

Author Comment

by:matedwards
ID: 41799443
That's great, thanks jspoor.

I created a .csr on the sonicwall. Have obtained a .crt certificate from a CA but when I click import it fails and the status remains 'Pending request' in the Sonicwall > certificates page?

Any ideas where I've gone wrong?
0
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

 
LVL 9

Expert Comment

by:J Spoor
ID: 41799451
did you use the import button behind the csr ? could be the pen icon, been a while since I did that
don't use the import one below the certs
0
 

Author Comment

by:matedwards
ID: 41799452
I've tried both now... getting desperate..!
0
 

Author Comment

by:matedwards
ID: 41799453
The cert is SHA1
0
 
LVL 9

Expert Comment

by:J Spoor
ID: 41799465
if you created a csr, then submit that to a ca, then behind the csr in the sonic is a server like icon with a green arrow. youuse that to import the .crt file.

if this keeps failing, you might want to import the CA servers intermediate CA certificates first.
0
 

Author Comment

by:matedwards
ID: 41801215
I have imported the SSL cer using 'pending request' button successfully.

I have installed SHA256 Intermediate certificate from the CA. I have also imported a SHA1 intermediate certificate (as the Sonicwall OS is 5.8.1.11)

The SSL certificate is showing Validated 'NO'.

I'm hoping a reboot  at the end of the day would fix this?
0
 
LVL 9

Expert Comment

by:J Spoor
ID: 41801252
validated NO, means you are missing an intermediate CA certificate
0
 

Author Comment

by:matedwards
ID: 41801265
But I have installed 3 Globalsign intermediate certificates -

CA Root
Intermediate Domain Validation CA SHA256,
Intermediate Domain Validation CA SHA1 G2  
Intermediate Domain Validation CA SHA1

globalsign-certs.JPG
0
 
LVL 9

Accepted Solution

by:
J Spoor earned 2000 total points
ID: 41801310
try a reboot. if it still says no, then it's still missing a certificate in the chain...

check the details which is the signing cert and if that's present. if present check who signed that cert and if you have that ca cert as well, etc until you find the missing ca cert
0
 

Author Comment

by:matedwards
ID: 41803002
Apologies, the certificate is SHA256 and I just read Sonicwall 5.8.1.1 cannot use SHA256.

I upgraded the sonicwall to OS5.9 and it also upgraded the sonicpoints firmware and stopped the wireless.

Is there a way of upgrading the Sonicwall but leaving the sonicpoints on  their existing image?
0
 

Author Comment

by:matedwards
ID: 41806965
I have upgraded the NSA240 to firmware 5.9 and the certificate is now working. Unfortunately, the Sonicpoints have stopped working. They advertise the SSID (that has always worked) but a client cannot join the wireless. Even using a WPA-PSK. The moment the Sonicwall is taken back to 5.8.1.11-62o the Sonicpoints re-image, reboot and start working again.

I tried to stop the Sonicpoints' firmware from upgrading by manually specifying the image path in Sonicwall > Sonicpoints to:

URL: software.sonicwall.com/applications/sonicpoint/sw_sp_eng_5.6.0.1_14.bin.sig
 
but still no client can join the SSID.

Many thanks for your help in solving the certificate issue.  I will award the points for the original question.
0
 
LVL 9

Expert Comment

by:J Spoor
ID: 41806977
I forgot indeed, 5.8 doesn't support sha2 ....

SonicPoint support in 5.9 should be a lot better. not sure what broke in your case, but I am sure SonicWALL support can help you.
0
 

Author Comment

by:matedwards
ID: 41808861
Just a note...

The wireless band had always been set to '802.11n only'. All the clients had 'n' compatible wNICs and could connect to '802.11n only' but after the firmware upgrade I had to set the sonicpoints to mixed mode '802.11b/g/n'.

Then all the clients rejoined!!

I have no idea why?
0
 
LVL 9

Expert Comment

by:J Spoor
ID: 41808897
that sounds like a bug... could you please open a support case for this.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This video will take you through the Acquisition tab overview.  You will learn to navigate All Traffic and Organic Keywords. It will take you through the Social Overview, Site Content, and Real Time tabs. Click on Acquisition – Overview : Look at Al…
This Micro Tutorial will demonstrate using MozBar to view an article that was deleted from the Search Engine Watch site after being debunked by Google.
Suggested Courses
Course of the Month10 days, 15 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question