Wednesday, July 22, 2009

Centreware Web With Firefox Verboten? IIS Not!

cc image credit: Jeremy Botter, flickr

So our customers were recently outfitted across the organization with new Xerox multi-function, networked printing devices.

They can be configured and managed directly from the control panel of the device, or via an web-based IP connection.  Pretty standard stuff.

Only we have hundreds of them assigned to our supported customers.

It took us a while to figure out (thanks Xerox) but there is a product from Xerox that will allow us to “globally” administer all the devices rather than just dealing with them individually via IP.

Turns out it is not too bad a product.  In about a day’s time I had figured out how to get it installed, Discovery sets configured for my target subnet groups, and determined it was pretty darn cool.  We will still need to do a combo of device administration work between both the Centreware Web and the direct IP access tools, but they do integrate quite well.

One of the tricks I had to figure out was that the Microsoft IIS service was not configured or installed by default on our XP Pro images. It is pre-requisite requirement for Centreware Web. (more here Internet Information Services – Wikipedia).  For a while it wasn’t clear to me how to get it up and going but then I found this great Web Wiz Guide post that clearly walked me thorough the initial install of IIS.

From there the rest was pretty much fun gravy getting it sorted out and exploring the features, wizards, and reports that can be done. Having the information of all our devices as discovered by periodic scans is extremely powerful and by loading it into a local SQL Express database make manipulation of that data fast and flexible.

Anyway…

In setting it up, it uses Internet Explorer as the browser/interface.

That was good for the first week of usage for me. I was getting to know it and learn the features and navigation.  However swapping between Firefox for my other management work and IE (8 for those who are wondering) was annoying.

However there was an issue if I tried to open the same main-page in Firefox (3.5.x).

If I attempted to load the main-page for Centreware in Firefox, it kept asking me for authentication credentials.

None of the account credentials I made setting it up worked.

After much research..not being familiar with IIS, I learned where the IIS settings for the system/Centreware were kept and that IE was not using a traditional “stored” password to log into it.  Instead it was using an anonymous login credentials to do so.

Normally I would have turned to my Password Recovery Tools by Nir Sofer to access them.  Really I just needed the password which I could see asterisk-hidden underneath the default IIS name I located in the IIS property window.  Unfortunately, powers that are above our IT level have set Symantec CE to “battle-hardened threat-level full-shields up” and any attempt to download/run them sets off massive alert/blocking action.

I needed an alternative means.

And thus found IIS Informant: Passwords for IUSR and IWAM which provided a simple VBS solution that indeed worked flawlessly (with no Symantec alerts) to extract the user account names and passwords.  Cool, and so much for security…

Unfortunately, feeding these credentials to Firefox still didn’t allow login.

What was I missing?

Seems that IIS uses something called “Integrated Authentication.”  Of course, IE has the ability to use your windows user account automatically to log in and access the IIS page/Centreware pages.

Digging a little more I also discovered that Firefox has this capability as well, but it just isn’t enabled by default.

The solution to get IIS to use Integrated Authentication in Firefox was provided by Pete Orologas in his post Firefox - Enter username and password for "" at http://localhost - Solution

…you'll have to make a quick configuration change.

1) Open up Firefox and type in about:config as the url

2) In the Filter Type in ntlm

3) Double click "network.automatic-ntlm-auth.trusted-uris" and type in localhost and hit enter

4) Write Thank You To Blogger

I did, restarted Firefox, jumped again to my Centreware Web bookmark in Firefox that was giving me authentication fits and hurrah!   I was instantly in; everything was fast and fully functional, no authentication prompts were required.  I was in like Flint!

I wondered as well if Chrome had such a tweak, as I had tried this in that browser as well with the same request for authentications.

Alas…not yet.

Issue 19 - chromium - Automatic integrated windows authentication (aka automatic NTLM / Negotiate Auth support) - Project Hosting on Google Code

It is in the works in a future build, and there were some “configure Chrome to use a Proxy to make it work” solutions, but just having it working in Firefox is more than enough for me.

Verboten indeed.

--Claus V.

1 comment:

James said...

Great information Claus. I've been getting authentication problems in IE when I try to adjust settings on certain models. I will have to research this. Thanks.