Jump to content

Setup Basic authentication for HTTP mirror server


Guest dmveron
 Share

Recommended Posts

Guest dmveron

Hello,

 

I'm trying to setup Basic authentication for the HTTP mirror server feature inside the Remote Administrator. Under Tools > Server Options > Advanced > Edit Advanced Settings, I have setup a user name and password. Everything looks fine when you save and close, but when it doesn't work and you go back to the config file, the password has been reset to blank. This problem was aslo brought up in a previous post ( hxxp://www.wilderssecurity.com/showthread.php?t=325556 ) but was never answered.

 

Also, how is the "Password for Clients" under Tools > Server Options > Security relate to this. I also tried setting up a password there, but the accessing the mirror server requires both a user name and password, so I don't know what the user name would be.

 

Any help would be appreciated. Thanks.

Link to comment
Share on other sites

Guest dmveron

Yes, I've read through that document before, but it's not relevant to my question. I've used the NTLM authentication method for accessing the mirror server through http by creating a "dummy" Windows account on the machine where ERAS is installed, and pushing that dummy account user name and password to all the client machines. That's a fine workaround for my situation, so I'll live with it.

 

My question/issue though is that you can theoretically use the Basic authentication method for restricting http access to the mirror server, but ESET doesn't provide instructions on how to do that. All the user manuals and online KB articles just say to not use any authentication. When I attempted to manually setup Basic authentication through the server configuration editor, the user name "sticks" but the program deletes the password every time once you save and close the configuration editor. I linked to a previous post on another forum from a use with the same problem. No one responded to that user, and I'm trying to resolve the same issue. What's the point of offering an authentication method without explaining how to use it?

Link to comment
Share on other sites

  • Administrators

Passwords are not stored within the configuration xml for security reasons; this is a deliberate behavior.

Link to comment
Share on other sites

Guest dmveron

[sigh], I don't know if it's a language/translation issue, but that answer still doesn't relate to the original question. Once again:

 

There is no manual/tutorial/KB article on implementing "Basic" authentication for a HTTP mirror server. Please write one, or get rid of the feature.

 

(For the record, there is also no manual/tutorial/KB article on implementing "NTLM" authentication for a HTTP mirror server, but I figured that one out on my own with a little trial and error.)

Link to comment
Share on other sites

DMVeron,

 

I appologize that the answers given have not been thorough or detailed (ending in or useful). Is there a phone # I can reach you at directly to resolve this with you and explain in better detail that you could direct send to me via a Tell? The short answer is that I am now working with our Knowledgebase team to write this article, but have an understanding that I can give to you directly.

The authentication occurs in two places for two different action. One action is to authenticate for updating to the Remote Administrator for the purpose of checkin in (1). The second is for authenticating to the Mirror server inside the Remote Adminsitrator to get the updates (2).

 

(1) server side is input into Tools>Server Options>Password for clients. The user side is put into the policy under version>Kernel>>Settings>Remote Administrator>Primary Server Passsword.

 

(2) server side input into Tools>Server Options>Advanced and then the advanced settings button on that tab. Once in the policy editor, drill down to Remopte Administrator>ERA Server>Settings>Mirror>Username and Password fields.The user side is put into the policy under version>Update>Profile>Settings>Username and Password fields.

 

Once those credentials match and the client machine logs in and gets the update, then the authenctication can take place. I recommend setting the password in the policy FIRST so that the clients get that data and THEN change the ERA so that it wills tart asking for that password. Otherwise, if you change the authenticaiton onm the server first the clients wont be able to log in and get the policy changes.

 

Please feel free to reach out to me through direct messaging or calling the support lines if this is not explicit enough.

Patrick

Link to comment
Share on other sites

  • 3 months later...

Hello,
I have the same problem with the basic authentication and I might have found the cause: NTLM is used even if basic authentication is configured. If you just have a look at the security log, you may recognize entries with the HTTP user. The ESET HTTP server simply does not care about it's own configured credentials and always tries to authenticate against a local Windows user.

Link to comment
Share on other sites

  • ESET Moderators

Hello Sfx,

 

that is how NTLM authentication works, it always check the credentials provided against local user account.

So in this type of authentication you cannot just type your own username and password, but you have to create user account with on the system, which hosts the mirror.

Link to comment
Share on other sites

I know, but I am talking about basic authentication which behaves like NTLM. It makes no difference whether I choose basic or NTLM authentication.

Link to comment
Share on other sites

  • ESET Moderators

Hello SFX,

 

yes there is a difference, basic uses base64 encoding for authentication, NTLM uses NTLM for authentication.

 

What version of ERA and Endpoints do you use?

Could you please describe a bit you infrastructure, where do you have mirror and what clients would you like to update from it?

Link to comment
Share on other sites

Server: Windows 2012 Standard + ERA 5.0.511.0 with activated mirror

Test client: Windows 7 x86 + Endpoint Security 5.0.2214.5

 

All machines are on the same LAN and domain.

Edited by sfx
Link to comment
Share on other sites

  • Administrators

Do you use a user name and password of a user that has at least read permissions for the mirror folder on the Windows 2012 Server?

Link to comment
Share on other sites

  • 1 year later...

Hi everybody,

 

I am also trying to setup basic authentication for local HTTP mirror server but it is not working.

I followed PatrickL post and in the ERA Console on the server, I enabled Basic authentication in "Tools>Server Options>Updates" and put a username and password in the "Remote Administrator>ERA Server>Settings>Mirror>Username and Password fields" of the policy editor.

I then went to the client machine and put the same Username and Password in the Update>Profile>Settings>Username and Password fields.

I then tried to manually update and I get a license detail windows asking me for a username and password. If I type again the same Username and Password, I get a incorrect username and/or password message.

As soon as I disable authentication in the ERA console, updates work !

Thanks for your help.

 

 

Sylvain

 

 

printscreen.pdf

Link to comment
Share on other sites

  • ESET Staff

I'd like to point out that we do cover the creation of a username and password for clients to access the mirror in this article for those using ERA 5.x. We also have instructions for those using ERA 6.x to configure a password protected mirror here.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...