Password Protect Mirror

Discussion in 'Other ESET Home Products' started by An10Bill, Mar 27, 2009.

Thread Status:
Not open for further replies.
  1. An10Bill

    An10Bill Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    21
    Location:
    Norway/Sweden
    Hi,

    We are running a local mirror on RA-server 3.0.105. We have some users which sometimes are inhouse, and sometimes are external. For that reason we have set up a firewall-rule allowing communications with our mirror from the internet.
    But ofcourse we do not want to share the mirror with the entire world, and so we would like to password-protect its usage, in the same way eset's mirrors require a password/username.

    We have tried to set this up, but we can't get it to work. Our specified username sticks to the config, but the specified password doesn't seem to get saved - when we re-enter the configuration, the password-setting is not set - no password is defined. And when we set the authentication-setting to Basic or NTLM the user's cannot update. The specified username/password fails. - Probably because the password is not defined.

    How do we set up authentication for the Mirror so that username/password is saved in the mirror's config, and the clients only can update with the supplied username/passwords ??

    --
    An10Bill
     
    Last edited: Mar 27, 2009
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    If you use NTLM, you are authenticating against a real user account on the server. If that is the case, make a user account with user rights (might want to put this account in the Deny Local Logon group in security policy) and set the password for it. Then clients will be able to access updates with the username [serverhostname]\[username] and the associated password.
     
  3. An10Bill

    An10Bill Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    21
    Location:
    Norway/Sweden
    Thanks - this worked great for the v.3.0 clients and the v.4.0 clients.... But our servers are still using Nod v2.7 - so we have created a v2 mirror (the same mirror as version 3 and 4 but using the "create mirrored update for v2" option)

    So the entire mirror is now password protected - but the NOD 2.7 clients cant connect - it works great for v3 and v4, but v2.7 seems to not accept the password. The mirror works nice for all versions when diabling the NTLM authentication option, but with NTLM the 2.7 clients looses the ability to update - which is bad.

    Any ideas? Is there known restrictions to NTLM password length etc using NOD 2.7??

    Thanks in advance!
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    If the 2.7 clients are using LM authentication instead of NTLM, you might be running in to the 14 character password limit. That's the only thing I can think of, since I haven't personally tried to run authentication on a mirror for 2.7 clients.
     
  5. An10Bill

    An10Bill Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    21
    Location:
    Norway/Sweden
    Tha password is only 12 chars so LM vs NTLM should not be an issue then..... And I don't se no reason the for the client to don't support mixed case letters and special chars like %,&,! etc.

    If I understand correctly the password stored in the clients config are just passed to the ERA which in turn authenticates it towards the ActiveDirectory - so if it works for version 3.0 and 4.0 - why should 2.7 be any different? Its the same mirror, same config, same authentication..... aargh!

    Seems to me there's a bug in the v2.0 mirror created by the ERA 3.0.105 making it not support authentication.....ore something like that....

    The reason I want to password protect the mirror is because I want to forward the LAN-side of my mirror to an external dns (with NAT-rules in my FW) so that clients can update from my mirror with the same config (using DNS), being onsite at work or at home in their homeoffice - but ofcourse this cannot be done if I can't protect my mirror in some way...... I don't want to feed the warezcommunity with a free stream of updates, that I pay for....

    Ofcourse there is a workaround...Reconfiguring the 2.7 serves to only update towards ESET directly and not my mirror, would leave just 3.0 and 4.0 clients to use the mirror - thus working nice with protection.... But It would have been swell to get everything working without workarounds - and we're not ready to update the serveres to 4.0 yet....
     
Thread Status:
Not open for further replies.