This article describes how you can diagnose authentication issues, where users are unexpectedly prompted for credentials in the browsers.
This issue can occur if the Smoothwall Filter and Firewall is unable to fetch the user credentials from the client automatically. Your users might have a dialog box open and request their credentials, but even after they enter the correct credentials, it doesn't allow them to bypass this.
Issue with the Authentication Service
This could be an issue with the authentication service. For example, it's either not running, has communication or validation issues. To find out the exact cause of where a fault has been found, what the cause of the problem is and how to resolve it:
- On the SERVICES menu, under the Authentication submenu, click Directories.
- For the relevant directory connection, click Diagnose.
For more information, see our help topic, Managing directories.
Application Not Capable of Sending Authentication
The other cause could be an application running in the background that's not capable of sending authentication answers to the proxy. Applications, other than browsers, generally, don't support proxy authentication.
To solve this, either:
- Add exceptions that bypass authentication for the destinations these application access.
- Change the authentication method to a method where users login to the Smoothwall Filter and Firewall when they log into their system, rather than when they browse.
When troubleshooting and looking at the logs to find the destinations these applications go to, look for entries showing the code 407 in the code column. A 407 signifies proxy authentication required. Any entries with 407 as the code that does not result in a subsequent 200 for accessing the same destination, signifies that the proxy never received an authentication reply from the client.